Is there a need for clients to advertize the capabilities for DNS Responses over TCP

Warren Kumari warren at
Fri Sep 15 13:22:14 UTC 2017

On Fri, Sep 15, 2017 at 3:37 AM, Harshith Mulky
<harshith.mulky at> wrote:
> Hello Experts,
> I had a query on advertising the payload size on client in DNS Responses
> over UDP/TCP
> This is as much I have understood from RFC 6891, that a requester(client)
> can address his capabilities to restrict the UDP Payload size to a limit
> between 512 to 4096 bytes based on his limitation when supporting EDNS
> Procedures.
> Is it the same case with TCP?
> Can we(client) advertize our capabilities over TCP to limit the payload size
> in Responses?

What is it that you are actually trying to accomplish / why?
I'm going to assume that this is to deal with some sort of brokenness
and not just idle curiosity[0].

If you are actually experiencing issues with DNS over TCP it is most
likely that you have some sort of broken path MTU discovery issue, and
have a lower than expected MTU (this is likely also affecting other
applications), but it could also be some broken middle box -- for
example Cisco PIX has some, er, interesting DNS TCP artifacts:
"Customers with NAT configured on a Cisco IOS device may experience
issues receiving large DNS query response messages when TCP is used as
the transport. Cisco IOS NAT does not have support for reassembling
TCP segments. The lack of support for TCP segment reaasembly is a
well-known issue that is documented under the question "Q. What is the
difference between IP fragmentation and TCP segmentation?" at the
following link:

Anyway, without knowing more it is tricky to know what your actual
issue is, but a: fixing pMTUd by making sure ICMP is allowed would
likely be helpful, or b: decreasing the MTU / MSS to your actual MTU
may help.

[0]: Which is also fine, but I needed to start somewhere.

> Thanks
> Harshith
> _______________________________________________
> Please visit to
> unsubscribe from this list
> bind-users mailing list
> bind-users at

I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.

More information about the bind-users mailing list