
A UDP DNS response will be truncated if it is longer than 512 bytes.

If you want more stuff you have to use TCP and that is not very preferable.




False. IP fragmentation allows the size of a single UDP DNS response to be up to 65535 bytes, regardless of the network MTU.


The great majority of networks out in the world discard UDP DNS packets bigger than 512 bytes. Firewall admins do it, DNS admins do it, application proxies do it, birds do it, bees do it, even educated fleas do it....

As far as the 65535 limit, from RFC 2671:

  4.5.5. Due to transaction overhead, it is unwise to advertise an
       architectural limit as a maximum UDP payload size.  Just because
       your stack can reassemble 64KB datagrams, don't assume that you
       want to spend more than about 4KB of state memory per ongoing
       transaction.


It does not have to do with link, UDP or IP; it is a limitation of the DNS spec.

Here is an extension that "fixes" it: https://tools.ietf.org/html/draft-ietf-dnsind-udp-size-02 I have not seen that spec extension implemented in the wild. I just found the extension, so on the other hand I have not looked for it.


EDNS(0) allows for larger responses and is both commonly implemented and widely deployed.

http://tools.ietf.org/html/rfc6891
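As an added illustration of the mechanics this thread argues about (the classic 512-byte UDP limit, the TC bit that tells a resolver to retry over TCP, and the EDNS(0) OPT pseudo-RR from RFC 6891 that advertises a larger UDP payload size), here is a small wire-format builder and parser. It is example code, not from any of the commenters; the query name example.com and the two response packets are constructed inline, and the 4096-byte advertised size follows the RFC 2671 advice quoted above.

```python
import struct

DNS_UDP_CLASSIC_LIMIT = 512   # RFC 1035 maximum UDP payload without EDNS(0)
EDNS_SUGGESTED_SIZE = 4096    # RFC 2671 4.5.5: advertise ~4KB, not the 64KB architectural limit
OPT_TYPE = 41                 # RR type of the EDNS(0) OPT pseudo-record


def encode_name(name):
    """Encode a domain name in DNS wire format: length-prefixed labels, root terminator."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1, txid=0x1234, edns_udp_size=None):
    """Build a DNS query. If edns_udp_size is given, append an OPT pseudo-RR whose
    CLASS field carries the largest UDP payload the sender can accept (RFC 6891)."""
    flags = 0x0100  # RD (recursion desired)
    arcount = 1 if edns_udp_size is not None else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, arcount)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    packet = header + question
    if edns_udp_size is not None:
        # OPT RR: root name, TYPE=41, CLASS=payload size, TTL=extended flags, RDLEN=0
        packet += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_udp_size, 0, 0)
    return packet


def parse_header(packet):
    """Return the 12-byte header fields, including the TC (truncated) bit."""
    if len(packet) < 12:
        raise ValueError("packet shorter than a DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),
        "tc": bool(flags & 0x0200),
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def skip_name(packet, offset):
    """Advance past a wire-format name, treating a compression pointer as 2 bytes."""
    while True:
        length = packet[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:
            return offset + 2
        offset += 1 + length


def find_opt_udp_size(packet):
    """Walk every section and return the UDP payload size from an OPT RR, or None."""
    hdr = parse_header(packet)
    offset = 12
    for _ in range(hdr["qdcount"]):
        offset = skip_name(packet, offset) + 4  # QTYPE + QCLASS
    for _ in range(hdr["ancount"] + hdr["nscount"] + hdr["arcount"]):
        offset = skip_name(packet, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10 + rdlen
        if rtype == OPT_TYPE:
            return rclass
    return None


def should_retry_over_tcp(response):
    """RFC 1035: a set TC bit means the UDP answer was cut off; re-ask over TCP."""
    return parse_header(response)["tc"]


# Constructed sample responses (header + echoed question only), not captured traffic.
QUESTION = encode_name("example.com") + struct.pack("!HH", 1, 1)
TRUNCATED_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8300, 1, 0, 0, 0) + QUESTION  # QR|TC|RD
COMPLETE_RESPONSE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0) + QUESTION   # QR|RD|RA

if __name__ == "__main__":
    q = build_query("example.com", edns_udp_size=EDNS_SUGGESTED_SIZE)
    print("advertised UDP size:", find_opt_udp_size(q))
    print("truncated -> TCP?", should_retry_over_tcp(TRUNCATED_RESPONSE))
    print("complete  -> TCP?", should_retry_over_tcp(COMPLETE_RESPONSE))
```

Two things worth noting from a defender's side: a resolver that honours TC by retrying over TCP still needs TCP/53 allowed through the firewalls the thread mentions, and a large advertised OPT size is only a hint; any middlebox that drops fragments or anything over 512 bytes will still make the response disappear.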



