Re: [DNSOP] RFC 2671 (dnsmasq author's answer)

Francis Dupont <Francis.Dupont@fdupont.fr> Fri, 25 December 2009 20:04 UTC

From: Francis Dupont <Francis.Dupont@fdupont.fr>
To: dnsop@ietf.org
Date: Fri, 25 Dec 2009 20:03:16 +0000
Sender: Francis.Dupont@fdupont.fr
Cc: Simon Kelley <simon@thekelleys.org.uk>
Subject: Re: [DNSOP] RFC 2671 (dnsmasq author's answer)

Here is the answer from the dnsmasq author...

Francis.Dupont@fdupont.fr

PS: as dnsmasq is very common in "boxes" (ADSL or CATV modems, home
gateways, wireless routers, etc.) I am very satisfied with this answer.

------- Forwarded Message

Message-ID: <4B2FB743.5040609@thekelleys.org.uk>
Date: Mon, 21 Dec 2009 17:58:27 +0000
From: Simon Kelley <simon@thekelleys.org.uk>
To: Francis Dupont <Francis.Dupont@fdupont.fr>
Subject: Re: dnsmasq and DNSSEC
References: <200912210949.nBL9nJHG084025@givry.fdupont.fr>
In-Reply-To: <200912210949.nBL9nJHG084025@givry.fdupont.fr>

Francis Dupont wrote:
> As you know DNSSEC is coming (the root will be signed next year).
> The default edns-packet-max option is 1280, a conservative value
> from RFC 2671 (EDNS 0 specs). IMHO it should be raised to the usual
> maximum, 4096, in new distribs.
> Note:
>  - the 1280 value should be large enough to avoid most truncation
>    issues, i.e. the 4096 is for margin/uncommon cases.
>  - the real value is in the hands of the client on the "LAN side":
>    if some problems with fragmentation are expected, it can use
>    a moderate value for the announced UDP payload size.
>    The idea is that dnsmasq should not limit the client rewriting this
>    value to something lower.
>  - of course dnsmasq can be run with "-P 4096", i.e. with
>    an overwritten default.
> 
> Thanks
> 
> Francis.Dupont@fdupont.fr
> 
> PS: I can open a discussion in a DNS IETF mailing list if you are not
> convinced by my argument. RFC 2671 can be clarified too.
> 

Thanks for that. Doing some research, I found that this is covered in
RFC 5625, which indeed recommends 4096. I've changed the default for the
next release.

Checking through 5625, dnsmasq already does what is recommended in every
other respect except one (it's allowed to change the query-ID in signed
DNS packets). I've fixed that too.


Cheers,

Simon.

------- End of Forwarded Message
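To make the two points of the thread concrete (the client-announced UDP payload size living in the EDNS0 OPT record, and a proxy that caps but never raises it and leaves the query ID alone), here is an added illustration that is not part of the mailing-list exchange and not dnsmasq's own code. The packet builder, the name `forwarder_payload_size` and the constants are assumptions made for this example; the wire layout follows RFC 2671 (OPT type 41, payload size carried in the CLASS field).

```python
import struct

OPT_TYPE = 41           # EDNS0 OPT pseudo-RR type (RFC 2671)
OLD_DEFAULT = 1280      # dnsmasq edns-packet-max default discussed in the thread
RFC5625_DEFAULT = 4096  # value RFC 5625 recommends, adopted for the next dnsmasq release

def encode_name(name):
    out = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return out + b"\x00"

def build_query(qname, qtype, udp_payload, txid=0x1234):
    """Constructed sample query: one question plus an OPT RR in the additional section."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)   # RD set, ARCOUNT=1 (the OPT)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    # OPT RR: NAME=root, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode/version/flags (DO bit), RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_payload, 0x00008000, 0)
    return header + question + opt

def skip_name(pkt, off):
    while True:
        ln = pkt[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:        # compression pointer terminates the name
            return off + 2
        off += 1 + ln

def opt_class_offset(pkt):
    """Offset of the OPT RR's CLASS field (the UDP payload size), or None if there is no EDNS0."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4            # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        if rtype == OPT_TYPE:
            return off + 2
        off += 10 + rdlen
    return None

def advertised_payload_size(pkt):
    off = opt_class_offset(pkt)
    return 512 if off is None else struct.unpack("!H", pkt[off:off + 2])[0]

def forwarder_payload_size(client_size, edns_packet_max):
    """Size a proxy announces upstream: capped by its own edns-packet-max, but never raised
    above what the LAN-side client asked for (a client avoiding fragmentation keeps its choice)."""
    return min(client_size, edns_packet_max)

def rewrite_payload_size(pkt, new_size):
    """Copy of the query with only the OPT payload size changed; the header (query ID) and the
    rest of the packet stay byte-identical, which is what a proxy must do for signed packets."""
    off = opt_class_offset(pkt)
    return pkt if off is None else pkt[:off] + struct.pack("!H", new_size) + pkt[off + 2:]
```

With the old 1280 default a client announcing 4096 is clamped to 1280 upstream, with the RFC 5625 value it is passed through, and a client announcing 1232 keeps 1232 either way.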