>On 10/5/18 1:53 AM, Mark Andrews wrote:
> If you don’t want fragmented IPv6 UDP responses use
> 
>       server ::/0 { edns-udp-size 1232; };
> 
> That’s 1280 - IPv6 header - UDP header.  Anything bigger than that can 
> theoretically be fragmented.  You will then have to deal with PMTUD 
> failures as the servers switch over to TCP.
That is true provided that you accept that some people may not be able to 
respond without the packet getting fragmented due to tunneling or a million 
other reasons they may not support that MTU.  Nonstandard MTU has always been and,
it seems, will continue to be problematic.  It all really began with tunneling 
which by its nature lowers the MTU available to the application.  Firewalls 
really have to just deal with it and do the re-assembly they need to.  It does 
create tremendous performance issues for these devices at high bandwidth.  
Bottom line is fragmentation sucks and V6 does not make it any better.

Steven Naslund
Chicago IL

