In article <[email protected]>, Marco Davids via NANOG <[email protected]> wrote:
>> Even if you do have v6, some things like DNSSEC don't work very well
>> if you can't do them over v4.
>
>Is that so?

Yeah, V6 UDP fragmentation and anycast are bad news. You can sort of fix it by doing all your v6 DNSSEC DNS queries over TCP but it's a lot easier to stick to v4.

Geoff Huston has written about this a lot and it's a well known problem in the DNS community. I'm surprised if it's news to anyone here.

https://blog.apnic.net/2017/08/22/dealing-ipv6-fragmentation-dns/
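
Added example, not part of the original post: a Python sketch of the client side of the workaround mentioned above. It builds a DNSSEC (DO bit) query whose EDNS0 buffer size keeps UDP answers inside one unfragmented IPv6 packet, and switches to TCP when the answer comes back truncated. The function names, the 1232-byte choice (IPv6 minimum MTU of 1280 minus 40-byte IPv6 and 8-byte UDP headers) and the sample header bytes are assumptions constructed for illustration.

```python
import struct

IPV6_MIN_MTU = 1280               # smallest MTU every IPv6 link must support
IPV6_HDR, UDP_HDR = 40, 8
SAFE_EDNS_SIZE = IPV6_MIN_MTU - IPV6_HDR - UDP_HDR   # 1232 bytes of DNS payload

def would_fragment(dns_len, mtu=IPV6_MIN_MTU):
    """True if a UDP DNS message of dns_len bytes cannot fit in one IPv6 packet."""
    return dns_len + IPV6_HDR + UDP_HDR > mtu

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [l for l in name.strip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, txid, edns_size=SAFE_EDNS_SIZE, dnssec_ok=True):
    """DNS query carrying an EDNS0 OPT record: advertised UDP size plus DO bit."""
    # Flags 0x0100 = RD; one question, one additional record (the OPT RR).
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)   # class IN
    opt_ttl = 0x00008000 if dnssec_ok else 0    # ext-rcode 0, version 0, DO flag
    # OPT RR: root owner name, TYPE 41, CLASS = UDP size, TTL = flags, RDLEN 0.
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, opt_ttl, 0)
    return header + question + opt

def is_truncated(response):
    """Check the TC bit (0x0200) in the flags word of a DNS response header."""
    flags = struct.unpack("!H", response[2:4])[0]
    return bool(flags & 0x0200)

def next_transport(response):
    """A truncated UDP answer means: repeat the same query over TCP."""
    return "tcp" if is_truncated(response) else "done"

def tcp_frame(message):
    """DNS over TCP prefixes each message with a two-byte length."""
    return struct.pack("!H", len(message)) + message

# Constructed sample headers (id, flags, counts), not captured traffic.
TRUNCATED_HDR = struct.pack("!HHHHHH", 0x1234, 0x8300, 1, 0, 0, 1)  # QR, TC, RD
COMPLETE_HDR = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 1)   # QR, RD, RA
```
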

