Unless he means EDNS for dnssec lookups, and not transfers, thats UDP....
The problem I had in the past was zone transfer to dns.he.net.
I am running master dns with Windows Server 2008 R2 and dns.he.net as slaves. The zone never gets updated without setting MTU=1280 on the router LAN interface (where the master DNS is). Wireshark on the master server shows that for every axfr attempt after tcp handshake and I get a ICMPv6 packet too large(payload was like 1292) for the axfr response, MTU recommended 1280. But the packet resent is exactly the same as the original, but this time I don't see ICMPv6 Packet Too Big. Unless Wireshark is doing something wrong, I don't get why PMTUD didn't change MTU and why I didn't see ICMPv6 Packet Too Big this time... I remember Wiresharking complanting something about packet size exceeding capture limit tho.
That's what gets me confused.
modifying MSS can be done with ip6tables? Does it have a big performance impact on the router (say like 20000 concurrent connections)?