v6 DNSSEC fail, was Buying IPv4 blocks
- Subject: v6 DNSSEC fail, was Buying IPv4 blocks
- From: johnl at iecc.com (John Levine)
- Date: 4 Oct 2018 21:07:21 -0400
- In-reply-to: <[email protected]>
In article <60afb948-5f6d-8ea8-00c9-6d4d92ff0269 at forfun.net>,
Marco Davids via NANOG <mdavids at forfun.net> wrote:
>> Even if you do have v6, some things like DNSSEC don't work very well
>> if you can't do them over v4.
>
>Is that so?

Yeah, V6 UDP fragmentation and anycast are bad news. You can sort of
fix it by doing all your v6 DNSSEC DNS queries over TCP but it's a lot
easier to stick to v4.

Geoff Huston has written about this a lot and it's a well known problem
in the DNS community. I'm surprised if it's news to anyone here.

https://blog.apnic.net/2017/08/22/dealing-ipv6-fragmentation-dns/
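
An added illustration, not part of the original message: a variant of the TCP workaround described above, in which the resolver advertises an EDNS0 UDP size that fits the 1280-byte IPv6 minimum MTU, so an oversized DNSSEC answer comes back truncated instead of fragmented and is then retried over TCP. The function names, the 1232-byte size (1280 - 40 - 8), the payload sizes and the sample response are assumptions constructed for this example.

```python
import struct

IPV6_MIN_MTU = 1280                  # every IPv6 link must carry this unfragmented
IPV6_HDR, UDP_HDR = 40, 8
SAFE_UDP_PAYLOAD = IPV6_MIN_MTU - IPV6_HDR - UDP_HDR    # 1232 bytes of DNS message

def encode_name(name):
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, txid, bufsize=SAFE_UDP_PAYLOAD):
    """DNS query carrying an EDNS0 OPT record: DO bit set, UDP size = bufsize."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)   # RD=1, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT RR: root owner, type 41, CLASS = UDP size, TTL = flags (DO = 0x8000), RDLEN 0
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0x00008000, 0)
    return header + question + opt

def fragments_on_v6(dns_len, path_mtu=IPV6_MIN_MTU):
    """Would a UDP response of dns_len bytes need IPv6 fragmentation on this path?"""
    return dns_len + UDP_HDR + IPV6_HDR > path_mtu

def needs_tcp_retry(response, txid):
    """True when the server set TC: the answer did not fit the advertised size."""
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid or not flags & 0x8000:       # wrong ID or QR bit clear
        raise ValueError("not a response to this query")
    return bool(flags & 0x0200)

def tcp_frame(msg):
    """DNS over TCP prefixes each message with a two-byte length (RFC 1035, 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg

# Constructed sample: a truncated reply (QR, TC, RD, RA set) to a DNSKEY query.
TXID = 0x1A2B
QUERY = build_query("example.com", 48, TXID)                     # 48 = DNSKEY
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", TXID, 0x8380, 1, 0, 0, 1) + QUERY[12:]

if __name__ == "__main__":
    for size in (900, 1232, 1700):                               # constructed sizes
        print(size, "bytes over v6 UDP -> fragments:", fragments_on_v6(size))
    if needs_tcp_retry(SAMPLE_TRUNCATED, TXID):
        print("TC set, resend over TCP:", tcp_frame(QUERY).hex())
```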