On Sun, 8 Mar 2015, Brian Dickson wrote:
Given the diagnostic value of "any" (and similarly "RRSIG" et al), I would prefer deprecation of only the UDP version, via mechanisms that are "dig"-friendly.
A better description would be to require "source IP verification", so that eastlake-cookies are also an accepted method. Of course, it won't really help amplifications via open resolvers that will just actually switch to source IP verification transport. Paul _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop