On Friday, 17 April 2020 22:48:08 UTC Mark Andrews wrote: > ... > > Or we could adopt the well known TSIG approach and defeat > fragmentation attacks that way. This works for both IPv4 and IPv6.
fragmentation's harms extend well beyond dns integrity vulnerabilities. i should not have proposed fragmentation in EDNS, and now we have to go undo that part and start again on the datagram size tension headache. see here: https://tools.ietf.org/html/draft-fujiwara-dnsop-avoid-fragmentation-02 -- Paul _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations