nanog mailing list archives

Re: v6 DNSSEC fail, was Buying IPv4 blocks

From: Mark Tinka <mark.tinka () seacom mu>
Date: Fri, 5 Oct 2018 07:12:26 +0200



On 5/Oct/18 03:07, John Levine wrote:

Yeah, V6 UDP fragmentation and anycast are bad news.  You can sort of
fix it by doing all your v6 DNSSEC DNS queries over TCP but it's a lot
easier to stick to v4.

Geoff Huston has written about this a lot and it's a well known problem
in the DNS community.  I'm surprised if it's news to anyone here.

https://blog.apnic.net/2017/08/22/dealing-ipv6-fragmentation-dns/


In BIND, I think this can be solved by using the "minimal-responses" knob.

Mark.

Current thread:

Re: Buying IPv4 blocks, (continued)
- Re: Buying IPv4 blocks Tyler Conrad (Oct 01)
- Re: Buying IPv4 blocks Payam Poursaied (Oct 02)
- Re: Buying IPv4 blocks John Curran (Oct 02)
- Re: Buying IPv4 blocks Ross Tajvar (Oct 04)
  - Re: Buying IPv4 blocks John Lee (Oct 04)
    - Re: Buying IPv4 blocks Ross Tajvar (Oct 04)
    - Re: Buying IPv4 blocks Matt Harris (Oct 04)
    - Re: Buying IPv4 blocks John Levine (Oct 04)
    - Re: Buying IPv4 blocks Marco Davids via NANOG (Oct 04)
    - Re: v6 DNSSEC fail, was Buying IPv4 blocks John Levine (Oct 04)
    - Re: v6 DNSSEC fail, was Buying IPv4 blocks Mark Tinka (Oct 04)
    - Re: v6 DNSSEC fail, was Buying IPv4 blocks Mark Andrews (Oct 04)
    - Re: v6 DNSSEC fail, was Buying IPv4 blocks Brandon Martin (Oct 04)
    - Re: v6 DNSSEC fail, was Buying IPv4 blocks Mark Andrews (Oct 05)
    - Re: v6 DNSSEC fail, was Buying IPv4 blocks Brandon Martin (Oct 05)
    - RE: v6 DNSSEC fail, was Buying IPv4 blocks Naslund, Steve (Oct 07)
    - Re: v6 DNSSEC fail, was Buying IPv4 blocks Brandon Martin (Oct 07)
    - Re: v6 DNSSEC fail, was Buying IPv4 blocks Bryce Wilson (Oct 09)