Mark Andrews wrote on 2019-03-01 12:00:
Or one can use TSIG with a well known key to get a cryptograph hash of the response. ...
i prefer this approach. no matter how bad fragmentation was in V4 and no matter how much worse it is in V6, we must not lock ourselves into packets whose size is computed from the analog properties of 10Mbit ethernet (1500) minus a whole bunch of witch-craft fudge factors. i expect to live until around 2050, and by that time i'd like to use a LAN max packet size that's only 1/15000th of capacity (as 10Mbit ethernet had), and to either use smaller packets when forwarding through a WAN gateway, or make fragmentation possible, which V6 has unintentionally made presently impossible.
-- P Vixie _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
