Re: [DNSOP] 答复: Fwd: I-D Action: draft-song-atr-large-resp-00.txt

Paul Vixie <> Thu, 21 September 2017 04:50 UTC

Davey Song(宋林健) wrote:
> Thank you.
> The large DNS response in IPv6 is a real problem. ATR is one option
> to be adopted in the authoritative server alone. If someone or a party has
> more influence on both resolver and authoritative side (cloud and app
> provider who can choose their own DNS resolution path), Mukund’s
> proposal to fragment the DNS message is a good solution.

both ideas are wrong. what we have to do is arrange to fragment, using 
the ipv6 extension header, all ipv6 udp, for a period of not less than 
five years. no one who blocks ipv6 extension headers should be able to
get reliable ipv6 udp services. we have to make this problem felt where 
it is made. we must NOT work around it to insulate the makers of the 
problem from the costs of their actions.

> So I do recommend ATR and DNS message fragments should be both
> considered in a tool box for large DNS response issues.

can a freebsd kernel hacker please contact me? i need some patches, but 
i'm traveling extensively, and i can't do the investigation and software 
engineering myself.

P Vixie