Paul Hoffman writes: > Retrying queries without EDNS0 seems sensible before deployment of DNSSEC. > Is that still the case now that DNSSEC is more widely deployed?
Yes, just not in this case. We definitely still see broken setups where the no-EDNS0 fallback is necessary to get an answer. I agree with Bert in that if a domain indicates it needs DNSSEC, then the resolver shouldn't send itself down a path where it can't get the answers it needs. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
