Maintained by: NLnet Labs

[Unbound-users] problems resolving /

Florian Weimer
Fri Jun 24 10:36:00 CEST 2011

* Paul Wouters:

> On Tue, 21 Jun 2011, Florian Weimer wrote:
>> For IPv6, the DNS server must fragment to about 1200 bytes per packet,
>> or cap EDNS0 buffer sizes at about 1150 bytes.  I'm not sure how many
>> servers get this right.  I'm not even sure if there's a suitable kernel
>> interface to achieve that.
> Should edns-buffer-size: be split in two options, one for ipv6 and one
> for ipv4?

I don't think this is needed.  In any case, it's more important to avoid
fragmentation over IPv4. 8-/

> With the ipv6 one using a default 1150?

I pulled those numbers out of thin air.  I checked more carefully, and
1280 bytes for the entire IPv6 packet (including all IPv6 headers) is
allowed.  EDNS0 buffer sizes which are guaranteed to avoid fragmentation
are a bit smaller: 40 bytes for the IPv6 header, and 8 bytes for the UDP
header, plus a variable amount of IPv6 extension headers (which should
not happen in practice).  RFC 3226 requires an advertised buffer size of
at least 1220 bytes, which seems to result in packets smaller than the
minimum IPv6 MTU, so that's probably the number that should be the

But maybe we can get authoritative servers to fragment IPv6 responses to
1280 bytes.  Then no resolver changes would be needed.

Florian Weimer                <fweimer at>
BFK edv-consulting GmbH
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99