Badly worded of mine... Firewalls drop/dropped EDNS0 packets which was the core issue
-éric On 07/07/16 03:35, "Ray Bellis" <[email protected]> wrote: > > >On 07/07/2016 10:31, Benoit Claise wrote: > >> Based on my operational experience, I have seen multiple DNSSEC >> packets dropped by firewalls because they try to use EDNS0 rather >> than fragmenting. Does your I-D also address this issue? > >This is the wrong way around - EDNS *relies upon* fragmentation working. > >Absent EDNS, the response would be constrained to the original RFC 1035 >limit of 512 octets. > >Ray _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
