4 Oct 2018, 9:07 p.m.
In article <60afb948-5f6d-8ea8-00c9-6d4d92ff0269@forfun.net>, Marco Davids via NANOG <mdavids@forfun.net> wrote:
>> Even if you do have v6, some things like DNSSEC don't work very well if you can't do them over v4.
> Is that so?
Yeah, V6 UDP fragmentation and anycast are bad news. You can sort of fix it by doing all your v6 DNSSEC DNS queries over TCP but it's a lot easier to stick to v4. Geoff Huston has written about this a lot and it's a well-known problem in the DNS community. I'm surprised if it's news to anyone here.

https://blog.apnic.net/2017/08/22/dealing-ipv6-fragmentation-dns/
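The TCP workaround mentioned in the reply above, as an added example that is not part of the original post: a client-side transport decision for DNSSEC queries. It goes a little beyond the message by also capping the EDNS0 UDP size at 1232 bytes (the 1280-byte IPv6 minimum MTU minus headers) and retrying over TCP when the TC bit is set; all function names are hypothetical and the sample replies are constructed.

```python
import ipaddress
import struct

IPV6_MIN_MTU, IPV6_HDR, UDP_HDR = 1280, 40, 8
SAFE_EDNS_SIZE = IPV6_MIN_MTU - IPV6_HDR - UDP_HDR  # DNS payload that never needs v6 fragmentation

def pick_transport(server, dnssec):
    """The post's workaround: DNSSEC queries to IPv6 servers go straight to TCP."""
    if dnssec and ipaddress.ip_address(server).version == 6:
        return "tcp"
    return "udp"

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, msg_id, udp_size=SAFE_EDNS_SIZE):
    """DNS query carrying an EDNS0 OPT record with DO set (ask for DNSSEC records)."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 1)  # RD=1, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)   # class IN
    # OPT RR: root owner, type 41, CLASS = UDP payload size, TTL flags DO=0x8000, empty RDATA
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0x00008000, 0)
    return header + question + opt

def is_truncated(response):
    """True when the TC bit is set, i.e. the answer did not fit the advertised UDP size."""
    if len(response) < 12:
        raise ValueError("short DNS message")
    return bool(struct.unpack("!H", response[2:4])[0] & 0x0200)

def frame_for_tcp(message):
    """DNS over TCP prefixes every message with a 2-byte length."""
    return struct.pack("!H", len(message)) + message

def next_step(query, udp_response):
    """After a UDP reply: drop it, accept it, or resend the same query over TCP."""
    if udp_response[:2] != query[:2]:
        return ("drop", b"")  # ID mismatch, not an answer to this query
    if is_truncated(udp_response):
        return ("retry_tcp", frame_for_tcp(query))
    return ("accept", udp_response)

if __name__ == "__main__":
    q = build_query("example.com", 48, 0x1234)      # 48 = DNSKEY
    tc_reply = b"\x12\x34\x83\x00" + b"\x00" * 8     # constructed header-only reply, TC=1
    print(pick_transport("2001:db8::53", True), next_step(q, tc_reply)[0])
```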