In article <60afb948-5f6d-8ea8-00c9-6d4d92ff0...@forfun.net>, Marco Davids via NANOG <mdav...@forfun.net> wrote: >> Even if you do have v6, some things like DNSSEC don't work very well >> if you can't do them over v4. > >Is that so?
Yeah, V6 UDP fragmentation and anycast are bad news. You can sort of fix it by doing all your v6 DNSSEC DNS queries over TCP but it's a lot easier to stick to v4. Geoff Huston has written about this a lot and it's a well known problem in the DNS community. I'm surprised if it's news to anyone here. https://blog.apnic.net/2017/08/22/dealing-ipv6-fragmentation-dns/