Describe DNS/poisoning/fragments/glibc here.
https://sourceware.org/bugzilla/show_bug.cgi?id=21361#c0
Florian Weimer 2017-04-07 14:30:37 UTC
When EDNS0 is enabled, glibc currently requests large DNS responses over UDP (up to 65536 bytes).
This is problematic because the randomized transaction ID and source port randomization both protect only the first fragment in a response.
As a partial countermeasure, the stub resolver should lower the advertised buffer size to 1200 bytes (IPv6 minimum MTU of 1280 minus some tunnel overhead). With some cooperation from the server, this should avoid fragmentation.
Reported: 2017-04-07 14:30 UTC by Florian Weimer. Modified: 2017-08-02 13:57 UTC.
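Does it really take this long for a change to land? (And it is only a workaround at that, so let's assume they were looking for other approaches in the meantime.)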
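The advertised buffer size discussed in the bug report travels in the CLASS field of the EDNS0 OPT record (RFC 6891). As an added example (not code from the bug report or from glibc), this Python sketch builds a query with an OPT record, reads the advertised size back out of the raw bytes, and flags queries that advertise more than the 1200 bytes proposed above. The function names and the sample queries are constructed for illustration.

```python
import struct

SAFE_UDP_SIZE = 1200  # buffer size proposed in the quoted bug comment
OPT_TYPE = 41         # EDNS0 OPT pseudo-RR type (RFC 6891)

def build_query(name, txid, udp_size=None):
    """Build an A/IN query; if udp_size is given, append an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if udp_size else 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)
    if udp_size:
        # OPT RR: root owner name, TYPE=41, CLASS=advertised UDP payload size,
        # TTL=0 (extended RCODE/flags), RDLENGTH=0 (no options)
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, udp_size, 0, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:   # compression pointer is two bytes and ends the name
            return off + 2
        off += 1 + n

def advertised_udp_size(msg):
    """Return the EDNS0 advertised payload size, or None if there is no OPT RR."""
    _, _, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):                    # skip question section
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):          # walk resource records
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == OPT_TYPE:
            return rclass                  # CLASS carries the UDP payload size
        off += 10 + rdlen
    return None

def fragmentation_risk(msg, limit=SAFE_UDP_SIZE):
    """True if the query invites responses larger than the limit over UDP."""
    size = advertised_udp_size(msg)
    return size is not None and size > limit

if __name__ == "__main__":
    for size in (None, 1200, 65535):       # constructed sample queries
        q = build_query("example.com", 0x1234, size)
        print(size, advertised_udp_size(q), fragmentation_risk(q))
```

Run over captured stub-resolver queries, `fragmentation_risk` shows which hosts still advertise a buffer large enough to invite fragmented responses.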