It appears that Wessels, Duane <dwess...@verisign.com> said:
>> the full response. Not all networks properly transport DNS over TCP
>> and some DNS software mistakenly believe TCP support is optional
>> ([RFC9210]).
>
>I have mixed feelings about this.  While perhaps factually true, I think
>broken DNS-over-TCP shouldn’t be a reason for not lumping validation
>records together.  There are other valid reasons to avoid that practice
>and networks with broken DNS-over-TCP shouldn’t be coddled.

DNS over TCP works fine and has for a long time. That ship has sailed.

The TXT response for stanford.edu is 3900 bytes, for harvard.edu is
3016, cmu.edu is 3699. If their DNS weren't working, you'd think one
of them would have noticed.

There are reasons not to load up your apex with junk but DNS failure is
not one of them.

R's,
John

_______________________________________________
DNSOP mailing list -- dnsop@ietf.org
To unsubscribe send an email to dnsop-le...@ietf.org
