Subject: Networking question MTU on non-local nets
To: None <port-macppc@netbsd.org>
From: Donald Lee <MacPPC@caution.icompute.com>
List: port-macppc
Date: 06/13/2003 23:15:43
Dear list,

My production machine - running NetBSD 1.5.2 - also runs apache and
serves a few dozen web sites.

It has come to my attention recently that a very few people cannot
get to any of the sites on this server.  Tracking this down, I have
found that the server is sending out packets that are too large.
The MTU in use when serving up data is in the 1400+ range, and with
network paths that only allow smaller MTUs, this does not work because
the endpoints do not handle fragments very well (at all).

The plot thickens...

I also have another machine on the same ethernet switch that works fine
with these same people who cannot get to the main web server.  Tcpdump
tells me that the packets being served from this NetBSD machine are
512 bytes max.

My question:

My reading of the RFCs and of Richard Stevens tells me that the packets
destined for the "nonlocal" network should default to a max MTU of 512 (536).
1.6.1 seems to do this, but 1.5.2 does not.

Can anyone tell me if this is a bug, or something I need to do something
about?  Is there a sysctl setting I can set to make this work "correctly"?

I have also learned that MTU path discovery is an option, but this is not
on by default, and I am a little afraid of it.  Are there any good reasons
not to enable this on a web server - a fairly busy one?

Thanks for any help you can provide,

-dgl-