Maintained by: NLnet Labs

[Unbound-users] Maximum size of UDP responses?

W.C.A. Wijngaards
Mon Apr 8 10:50:21 CEST 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Daisuke,

On 03/29/2013 04:12 PM, Daisuke HIGASHI wrote:
>>> "max-udp-size" is almost exactly same as BIND9's.
>> 
>> Very good idea. I note that NSD has two parameters for that, one
>> for IPv4 responses and one for IPv6 (to deal with MTU issues). I
>> wonder if it's worth the complexity?
> 
> This patch adds delective udp-max-size-ip4 and udp-max-size-ip6 
> instead of udp-max-size.
> 
> It seems OK and no performance impact but I'm not sure about use of
> a function "addr_is_ip6()".

Your patches are good quality.  One thing I am not sure about is that
allow_minimal, with 512byte responses, does not allow the client to
use dnssec validation, because 512 is often too small to do so.  Or do
you want it to use TCP as it receives +TC replies?

Also, additional configuration options are not really good; we want to
avoid code-bloat.  If this is useful for many users, it could be
added, as the operational environment for DNS services changes.  Is
this more of an experiment (it seems now), or a necessary feature?

Best regards,
   Wouter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJRYoTNAAoJEJ9vHC1+BF+NCKIP/04MyR6jLCuu6QXhbq4ovLnH
Vw4L7VWULiFevMiRT45SEjhenvQJqOMkQy9cUVE/aP7xMtfKi3JBBPH1zCHk0PtA
fmh5ikPgujAEPwCsT0WuvMeNpM08IZ/B9drIDeQFH3auNsFicHtkPA/aI2v25mVa
Y7Q1p5mB7Raf7XMfPDqk5pe9uTL5GgH1hp1YzK3iJEwZqFCcI4x3zh0xWuhSjJio
43Ypliag02yfNNMeaVD9VSkMEa4NG3EDBy7RNx+utLGAnJpWYyPhbyCDcflvBTAz
26LBCP9SKGOyOefNJDtWPc/Vx53hJ0cMgKeqKm7sGm4ku5Y161w2M29hbZGgtZDN
Xej9T1RwLMieV3pfgoK5K8RsUJEw1FIcmDswRgqweyJ8PH3kiIFAyym3la793u1Z
kC6Lz6Vv4NQeSColE1q4o0Pfc+GgBS4dfDUzIlcygMhRa3ICeqvvGAeUlXUiuZXL
uJJu8N7CqR4IUraiLrsJ0z6GDCZAFXdMqYuAn9/wZo0pQtnfgQwow9J2fRWOIWO/
j6wZfS3ETfHapWMsimufiMbOrDSKt26QqN2sbOINojdfRIsvwwxI/qOGNBWV7v6B
RKvgrJT9q0QBQ04orcM+Y8D+BTQDRDKOiEb79qlW+32M9VFzu1tSbtQzriI+LgCQ
o5vrz5qpZLItcvAo22+o
=beTd
-----END PGP SIGNATURE-----