Change the safe edns-udp-size from 1400 to 1432

When backporting the Don't Fragment UDP socket option, it was noticed
that the edns-udp-size probing uses 1432 as one of the values to be
probed and the documentation would be recommending 1400 as the safe
value.  As the safe value can be from the 1400-1500 interval, the
documentation has been changed to match the probed value, so we do not
skip it.

diff --git a/CHANGES b/CHANGES
index fbf37523ce8f0686a4ccc10645444044fe04013f..d374179850f96f4b07e9d0e7a0c8f573ce4fe499 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+5666.  [func]          Tweak the safe "edns-udp-size" to match the probing
+                       value from BIND 9.16 for better compatibility. Also
+                       ``named`` now sets the DON'T FRAGMENT flag on outgoing
+                       UDP packets. [GL #2183]
+
 5664.  [func]          Handle a UDP sending error on UDP messages larger
                        than the path MTU; in such a case an empty response is
                        sent back with the TC (TrunCated) bit set. Re-enable

diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index 6ad8b71e4f78a20403ca5206a71d66158b580cef..1b08077b6971c1acac7008eeaf05bfd2cbb9b413 100644 (file)
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -3492,6 +3492,19 @@ Tuning
    to be sent without fragmentation at the minimum MTU sizes for
    Ethernet and IPv6 networks.)
 
+   The ``named`` now sets the DON'T FRAGMENT flag on outgoing UDP packets.
+   According to the measurements done by multiple parties this should not be
+   causing any operational problems as most of the Internet "core" is able to
+   cope with IP message sizes between 1400-1500 bytes, the 1232 size was picked
+   as a conservative minimal number that could be changed by the DNS operator to
+   a estimated path MTU minus the estimated header space. In practice, the
+   smallest MTU witnessed in the operational DNS community is 1500 octets, the
+   Ethernet maximum payload size, so a a useful default for maximum DNS/UDP
+   payload size on **reliable** networks would be 1432.
+
+   Any server-specific ``edns-udp-size`` setting has precedence over all
+   the above rules.
+
 ``max-udp-size``
    This sets the maximum EDNS UDP message size that ``named`` sends, in bytes.
    Valid values are 512 to 4096; values outside this range are

diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 3065c8d1303eb63a64125a7e849e96857e0159c3..6a3395284512e45746e81ca5ec7e70bce6735617 100644 (file)
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -39,6 +39,16 @@ Feature Changes
   ``named`` now sends back empty DNS messages with the TC (TrunCated) bit set,
   forcing the DNS client to fall back to TCP.  :gl:`#2790`
 
+  ``named`` now sets the DON'T FRAGMENT flag on outgoing UDP packets.  According
+  to the measurements done by multiple parties this should not be causing any
+  operational problems as most of the Internet "core" is able to cope with IP
+  message sizes between 1400-1500 bytes, the 1232 size was picked as a
+  conservative minimal number that could be changed by the DNS operator to a
+  estimated path MTU minus the estimated header space. In practice, the smallest
+  MTU witnessed in the operational DNS community is 1500 octets, the Ethernet
+  maximum payload size, so a a useful default for maximum DNS/UDP payload size
+  on reliable networks would be 1432. [GL #2183]
+
 Bug Fixes
 ~~~~~~~~~