5 Oct 2018, 5:12 a.m.
On 5/Oct/18 03:07, John Levine wrote:
Yeah, V6 UDP fragmentation and anycast are bad news. You can sort of fix it by doing all your v6 DNSSEC DNS queries over TCP but it's a lot easier to stick to v4.
Geoff Huston has written about this a lot and it's a well-known problem in the DNS community. I'm surprised if it's news to anyone here.
https://blog.apnic.net/2017/08/22/dealing-ipv6-fragmentation-dns/
In BIND, I think this can be solved by using the "minimal-responses" knob.

Mark.