MoinQ: DNS/RFC/3226

DNS/RFC3226について、ここに記述してください。

http://www.arkko.com/tools/allstats/citations-rfc3226.html

このRFCは有効なんですかねえ。 --> RFC 4033, 4034, 4035

• IPv4でDNSSEC関係なしの人にも多大な影響を与えるのですが、作成当時には考慮されなかったらしい。

タイトルを見て、IPv6でA6を使っていなければ、関係ないのかと思っていた。-- ToshinoriMaeno 2012-03-10 00:41:49

• そうでもないような。

Network Working Group                                     O. Gudmundsson
Request for Comments: 3226                                 December 2001
Updates: 2874, 2535
Category: Standards Track


   DNSSEC and IPv6 A6 aware server/resolver message size requirements

Abstract

   This document mandates support for EDNS0 (Extension Mechanisms for
   DNS) in DNS entities claiming to support either DNS Security
   Extensions or A6 records.  This requirement is necessary because
   these new features increase the size of DNS messages.  If EDNS0 is
   not supported fall back to TCP will happen, having a detrimental
   impact on query latency and DNS server load.  This document updates
   RFC 2535 and RFC 2874, by adding new requirements.

3.  Protocol changes:

   This document updates RFC 2535 and RFC 2874, by adding new
   requirements.

   All RFC 2535 compliant servers and resolvers MUST support EDNS0 and
   advertise message size of at least 1220 octets, but SHOULD advertise
   message size of 4000.  This value might be too low to get full
   answers for high level servers and successor of this document may
   require a larger value.

   All RFC 2874 compliant servers and resolver MUST support EDNS0 and
   advertise message size of at least 1024 octets, but SHOULD advertise
   message size of 2048.  The IPv6 datagrams should be 1024 octets,
   unless the MTU of the path is known.  (Note that this is smaller than
   the minimum IPv6 MTU to allow for some extension headers and/or
   encapsulation without exceeding the minimum MTU.)

   All RFC 2535 and RFC 2874 compliant entities MUST be able to handle
   fragmented IPv4 and IPv6 UDP packets.

   All hosts supporting both RFC 2535 and RFC 2874 MUST use the larger
   required value in EDNS0 advertisements.

RFC 2874準拠の全サーバ・リゾルバは、EDNS0をサポートし、最低1024オクテットの
   メッセージサイズを広報しなければならない(MUST)。しかし2048オクテットの
   メッセージサイズを広報すべきである(SHOULD)。IPv6データグラムは、パスMTUが
   明らかでない限り1024オクテットにすべきである。(この値は、IPv6の最小MTUを
   超えずに拡張ヘッダ適用やカプセル化を可能とするために、IPv6 最小MTUより
   小さくなっていることに注意してもらいたい)。

1. RFC2874

DNS Extensions to Support IPv6 Address Aggregation and Renumbering

http://labs.ripe.net/Members/anandb/content-testing-your-resolver-dns-reply-size-issues

手元のubuntu 11.04 beta でのテスト　（unbound キャッシュ）

$ dig +short rs.dns-oarc.net txt
rst.x3827.rs.dns-oarc.net.
rst.x3837.x3827.rs.dns-oarc.net.
rst.x3843.x3837.x3827.rs.dns-oarc.net.
"218.110.155.92 DNS reply size limit is at least 3843"
"218.110.155.92 sent EDNS buffer size 4096"
"Tested at 2011-04-27 09:52:46 UTC"

dnscache だと、

%dig +short rs.dns-oarc.net txt                                         ~
rst.x476.rs.dns-oarc.net.
rst.x485.x476.rs.dns-oarc.net.
rst.x490.x485.x476.rs.dns-oarc.net.
"202.41.218.243 DNS reply size limit is at least 490"
"202.41.218.243 lacks EDNS, defaults to 512"
"Tested at 2011-04-27 10:11:02 UTC"

http://www.soi.wide.ad.jp/class/20060033/slides/06/index_bar.html