>On 10/5/18 1:53 AM, Mark Andrews wrote:
> If you don’t want fragmented IPv6 UDP responses use
>
> server ::/0 { edns-udp-size 1232; };
>
> That’s 1280 - IPv6 header - UDP header. Anything bigger than that can
> theoretically be fragmented. You will then have to deal with PMTUD
> failures as the servers switch over to TCP.
That is true provided that you accept that some people may not be able to
respond without the packet getting fragmented due to tunneling or a million
other reasons they may not support that MTU. Nonstandard MTU has always and
seems will continue to be problematic. It all really began with tunneling
which by its nature lowers the MTU available to the application. Firewalls
really have to just deal with it and do the re-assembly they need to. It does
create tremendous performance issues for these devices at high bandwidth.
Bottom line is fragmentation sucks and V6 does not make it any better.
Steven Naslund
Chicago IL
