In message <20081009151332.GA23819@nic.fr>, Stephane Bortzmeyer writes:
> On Thu, Oct 09, 2008 at 09:49:57AM -0400,
> jeff donovan wrote
> a message of 29 lines which said:
>
> > i have been noticing my firewall denying udp packets that exceed
> > 512.
>
> Very bad idea. It will prevent any DNS feature younger than twelve
> years (DNSSEC, IDN, IPv6).
>
> > What is the correct packet size,
>
> 64k, the maximum size of a UDP packet.

A better answer is the maximum of whatever EDNS UDP sizes
your nameservers and other DNS clients advertise. Named
will advertise a size up to 4096 bytes, which is also the
default.

See RFC 2671 and edns-udp-size in named.conf.

Network Working Group P. Vixie
Request for Comments: 2671 ISC
Category: Standards Track August 1999

Extension Mechanisms for DNS (EDNS0)

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
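
Added example, not part of the original message and not ISC code: one way to find the size a firewall has to pass is to read the UDP payload size each DNS message advertises in its EDNS0 OPT record (RFC 2671) and take the maximum. The function names and the sample queries are constructed for illustration.

```python
import struct

OPT = 41            # RR type of the EDNS0 OPT pseudo-record (RFC 2671)
LEGACY_LIMIT = 512  # UDP payload limit for DNS without EDNS0

def _skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:             # root label ends the name
            return off + 1
        off += 1 + n

def advertised_udp_size(msg):
    """UDP payload size a DNS message advertises; 512 if it has no OPT RR."""
    if len(msg) < 12:
        raise ValueError("short header")
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4           # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        if off + 10 > len(msg):
            raise ValueError("truncated RR")
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == OPT:
            # In an OPT RR the CLASS field carries the sender's UDP payload
            # size; RFC 6891 says values below 512 are treated as 512.
            return max(rclass, LEGACY_LIMIT)
        off += 10 + rdlen
    return LEGACY_LIMIT

def firewall_limit(messages):
    """Largest DNS-over-UDP payload the observed senders say they accept."""
    return max(advertised_udp_size(m) for m in messages)

def _query(name, udp_size=None):
    """Build a constructed sample query; udp_size=None means no EDNS0."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    hdr = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0 if udp_size is None else 1)
    opt = b"" if udp_size is None else b"\0" + struct.pack("!HHIH", OPT, udp_size, 0, 0)
    return hdr + qname + b"\0" + struct.pack("!HH", 1, 1) + opt

# Constructed samples: a plain query, then two with EDNS0 sizes.
SAMPLES = [_query("example.com"), _query("example.com", 4096), _query("example.com", 1232)]
```

Run over queries captured from your own resolvers and clients, firewall_limit() gives the DNS payload size that a UDP filter in front of them has to allow.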