Today, a number of major DNS services and DNS server manufacturers will hold a joint event
Members of the DNS flag day 2020 initiative are calling for the recommended EDNS buffer size to be fixed at 1232 bytes (the 1280-byte IPv6 minimum MTU minus 48 bytes for headers), and
The proposed changes will eliminate confusion over the choice of EDNS buffer size and solve the fragmentation of large UDP messages, whose handling often leads to packet loss and timeouts on the client side. Clients will advertise a fixed EDNS buffer size, and responses that do not fit will be sent to the client over TCP right away. Not sending large messages over UDP will also solve the problem of large packets being dropped by some firewalls and allow blocking
Starting today, participating DNS providers, including Cloudflare, Quad9, Cisco (OpenDNS), and Google,
Ultimately, the changes may cause resolution failures for DNS servers whose UDP responses exceed 1232 bytes and which cannot answer over TCP. An experiment at Google showed that the EDNS buffer size has almost no effect on the failure rate: with a 4096-byte buffer, 0.345% of UDP replies were truncated and in 0.115% of cases the retry over TCP failed to get through; with a 1232-byte buffer the figures are 0.367% and 0.116%. Making TCP support mandatory in DNS will cause problems with about 0.1% of DNS servers; it is noted that such servers already operate unreliably today even without TCP.
Administrators of authoritative DNS servers should make sure that their server answers over TCP on port 53 and that a firewall is not blocking that TCP port. An authoritative server must also not send UDP responses larger than the requested EDNS buffer size, and the EDNS buffer size on the server itself must be set to 1232 bytes. Resolvers face roughly the same requirements: they must answer over TCP, must retry over TCP when they receive a truncated UDP response, and must set their EDNS buffer to 1232 bytes.
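The resolver-side behaviour described above, as an added Python example that is not code from the original article or from any DNS vendor: it builds a query whose EDNS0 OPT record advertises a 1232-byte buffer, detects a truncated (TC=1) UDP reply, and repeats the query over TCP port 53 with the 2-byte length prefix. The server address and name passed to resolve() are assumed inputs; the other functions run offline on constructed bytes.

```python
import socket
import struct

EDNS_BUFSIZE = 1232  # DNS flag day 2020: 1280-byte IPv6 minimum MTU minus 48 bytes of headers

def encode_name(name):
    """Encode a dotted hostname as DNS wire-format labels."""
    labels = [lab.encode("ascii") for lab in name.rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab for lab in labels) + b"\x00"

def build_query(name, qtype=1, qid=0x1234, bufsize=EDNS_BUFSIZE):
    """Build a DNS query whose EDNS0 OPT record advertises bufsize as the UDP payload size."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD=1, QDCOUNT=1, ARCOUNT=1
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # QCLASS=IN
    # OPT RR (RFC 6891): root name, TYPE=41, CLASS field carries the UDP payload size, TTL=0, RDLEN=0
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0, 0)
    return header + question + opt

def parse_header(msg):
    """Return (id, tc, rcode) from the 12-byte DNS header; TC is bit 9 of the flags word."""
    qid, flags = struct.unpack("!HH", msg[:4])
    return qid, bool(flags & 0x0200), flags & 0x000F

def needs_tcp_retry(udp_response):
    """A truncated UDP answer (TC=1) must be re-asked over TCP, as flag day 2020 requires."""
    return parse_header(udp_response)[1]

def exceeds_bufsize(udp_response, bufsize=EDNS_BUFSIZE):
    """True when a server sent more UDP bytes than the advertised buffer allows (fragmentation risk)."""
    return len(udp_response) > bufsize

def tcp_frame(msg):
    """DNS over TCP prefixes each message with a 2-byte big-endian length (RFC 1035 section 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

def resolve(server, name, qtype=1, timeout=3.0):
    """Query over UDP with a 1232-byte buffer; fall back to TCP port 53 when the reply is truncated."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, 53))
        response = udp.recv(4096)
    if not needs_tcp_retry(response):
        return response, "udp"
    with socket.create_connection((server, 53), timeout=timeout) as tcp:
        tcp.sendall(tcp_frame(query))
        stream = tcp.makefile("rb")  # reads exactly n bytes unless the peer closes early
        length = struct.unpack("!H", stream.read(2))[0]
        return stream.read(length), "tcp"
```

Running resolve() against an authoritative server for a name with a large answer (for example a DNSSEC-signed zone) shows whether the TCP fallback the flag day relies on actually works; a timeout on the TCP leg means port 53/TCP is blocked or unsupported.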
The EDNS buffer size is set with the following parameters in the various DNS servers:

BIND 9:
    options {
        edns-udp-size 1232;
        max-udp-size 1232;
    };

Knot DNS:
    max-udp-payload: 1232

Knot Resolver:
    net.bufsize(1232)

PowerDNS Authoritative:
    udp-truncation-threshold=1232

PowerDNS Recursor:
    edns-outgoing-bufsize=1232
    udp-truncation-threshold=1232

Unbound:
    edns-buffer-size: 1232

NSD:
    ipv4-edns-size: 1232
    ipv6-edns-size: 1232
Source: opennet.ru