On Mon, Jul 28, 2014 at 08:24:59AM -0400, Fernando Gont <[email protected]> wrote a message of 43 lines which said:

> The packet drop rates range from 10% to over 50%, depending on the
> dataset

Annoying.

> This essentially raises the question of "What's the plan for
> transporting DNS queries/responses in IPv6?"

Why do we need a plan? We have served DNS over IPv6 for ten years now and it works (not "I think it works" but "it is monitored so I'm certain it works"). The problem with extension headers is annoying but, today, they are not used (of course, it's partially a chicken and egg problem, similar to the problem of IPv4 options: they are not transported reliably so people don't use them, so there is no motivation to make them reliable, etc).

> Quite a few folks usually argue "oh, that's simple: we'll use TCP",

There are many good reasons to use TCP but, in that case, I do not see why we need it. First, IPv6 users typically don't use extension headers and, second, if the problem is in IP, why would changing from UDP to TCP work?

> does popular DNS server software implement mitigations for TCP-based
> attacks?" (zero-windows, FIN-WAIT-X flooding, etc.)

Is it something that should be done in every application, and not in TCP itself?
