On 07/07/2016 10:31, Benoit Claise wrote:
> Based on my operational experience, I have seen multiple DNSSEC > packets dropped by firewalls because they try to use EDNS0 rather > than fragmenting. Does your I-D also address this issue? This is the wrong way around - EDNS *relies upon* fragmentation working. Absent EDNS, the response would be constrained to the original RFC 1035 limit of 512 octets. Ray _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
