[76984] in North American Network Operators' Group


Broken PMTUD for . + TLD servers, was: Re: Smallest Transit MTU

daemon@ATHENA.MIT.EDU (Iljitsch van Beijnum)
Sun Jan 9 16:52:18 2005

In-Reply-To: <20050105163905.GA84805@cluecentral.net>
Cc: nanog@merit.edu
From: Iljitsch van Beijnum <iljitsch@muada.com>
Date: Sun, 9 Jan 2005 22:51:45 +0100
To: Sabri Berisha <sabri@cluecentral.net>
Errors-To: owner-nanog-outgoing@merit.edu


On 5-jan-05, at 17:39, Sabri Berisha wrote:

>> Are there any common examples of the DF bit being set on non-TCP
>> packets?

[...]

> Here you go. A root-nameserver setting the DF-bit on its replies :)

This is very bad.

With a 296 byte MTU I don't get answers from 
(a|b|h|j).root-servers.net, *.gtld-servers.net, tld2.ultradns.net and 
some lesser-known ccTLD servers.

I would have thought this impossible, but seeing is believing...

Fortunately, this problem won't present itself with regular smaller
MTUs; the MTU has to be smaller than around 500 bytes. I haven't tested
whether these servers also suffer from the "regular" PMTUD problem 
where the ICMP messages are ignored, but I'm assuming they don't, so 
doing all of this over TCP should still work.
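
The failure described in the message above, as an added example that is not part of the original post: a Python sketch that parses an IPv4/UDP packet and reports what a hop with a given next-hop MTU does with it, depending on the DF bit. The function names are hypothetical, the packets are constructed (documentation-range addresses, zero checksums), and the 500-byte reply size is an assumed value for illustration.

```python
import struct

DF = 0x4000  # "Don't Fragment" flag in the IPv4 flags/fragment-offset field

def build_ipv4_udp(total_len, df, sport=53, dport=33000):
    """Build a constructed IPv4+UDP packet of total_len bytes (checksums left zero)."""
    flags = DF if df else 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags,
                     64, 17, 0, bytes([192, 0, 2, 53]), bytes([198, 51, 100, 7]))
    udp_len = total_len - 20
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0)
    return ip + udp + b"\x00" * (udp_len - 8)

def classify(packet, path_mtu):
    """Report what a router whose next-hop MTU is path_mtu does with this packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4                      # header length in bytes
    total_len, _ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    df_set = bool(flags_frag & DF)
    dns_reply = False
    if packet[9] == 17 and len(packet) >= ihl + 8:    # protocol 17 = UDP
        sport = struct.unpack("!H", packet[ihl:ihl + 2])[0]
        dns_reply = sport == 53
    if total_len <= path_mtu:
        verdict = "forwarded"
    elif df_set:
        # Router discards the packet and returns ICMP type 3 code 4
        # ("fragmentation needed and DF set") to the sender.
        verdict = "dropped"
    else:
        verdict = "fragmented"
    return {"df": df_set, "dns_reply": dns_reply,
            "length": total_len, "verdict": verdict}

if __name__ == "__main__":
    for df in (True, False):
        pkt = build_ipv4_udp(500, df)   # constructed 500-byte UDP reply from port 53
        for mtu in (296, 1500):
            print(f"DF={df} MTU={mtu}:", classify(pkt, mtu))
```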

