nanog mailing list archives

Re: pay.gov and IPv6

From: Florian Weimer <fw () deneb enyo de>
Date: Fri, 18 Nov 2016 19:11:06 +0100

* Mark Andrews:

The DNSSEC testing is also insufficient.  9-11commission.gov shows
green for example but if you use DNS COOKIES (which BIND 9.10.4 and
BIND 9.11.0 do) then servers barf and return BADVERS and validation
fails.  QWEST you have been informed of this already.

Why the hell should validating resolver have to work around the
crap you guys are using?


The protocol doesn't have proper version negotation, and again and
again, implementers have tried to force backwards-incompatible
implementations on the Internet at large.

Current thread:

Re: pay.gov and IPv6, (continued)
- - - Re: pay.gov and IPv6 Lee (Nov 18)
    - Re: pay.gov and IPv6 Carl Byington (Nov 18)
    - Re: pay.gov and IPv6 JORDI PALET MARTINEZ (Nov 18)
    - Re: pay.gov and IPv6 JORDI PALET MARTINEZ (Nov 20)
    - Re: pay.gov and IPv6 Carl Byington (Nov 20)
    - Re: pay.gov and IPv6 Mark Andrews (Nov 20)
    - Re: pay.gov and IPv6 Carl Byington (Nov 20)
    - Re: pay.gov and IPv6 JORDI PALET MARTINEZ (Nov 20)
    - Re: pay.gov and IPv6 joel jaeggli (Nov 21)
    - Re: pay.gov and IPv6 Sean Donelan (Nov 18)
    - Re: pay.gov and IPv6 Florian Weimer (Nov 18)
    - Re: pay.gov and IPv6 Mark Andrews (Nov 18)
  - Re: pay.gov and IPv6 Jared Mauch (Nov 16)
  - Re: pay.gov and IPv6 JORDI PALET MARTINEZ (Nov 16)