v6 DNSSEC fail, was Buying IPv4 blocks
- Subject: v6 DNSSEC fail, was Buying IPv4 blocks
- From: mark.tinka at seacom.mu (Mark Tinka)
- Date: Fri, 5 Oct 2018 07:12:26 +0200
- In-reply-to: <[email protected]>
- References: <[email protected]>
On 5/Oct/18 03:07, John Levine wrote:
> Yeah, V6 UDP fragmentation and anycast are bad news. You can sort of
> fix it by doing all your v6 DNSSEC DNS queries over TCP but it's a lot
> easier to stick to v4.
>
> Geoff Huston has written about this a lot and it's a well known problem
> in the DNS community. I'm surprised if it's news to anyone here.
>
> https://blog.apnic.net/2017/08/22/dealing-ipv6-fragmentation-dns/

In BIND, I think this can be solved by using the "minimal-responses" knob.

Mark.