I have also read this draft. It mentions that DNSSEC will be impacted.
What's the alternative if DNSSEC can't send multiple UDP fragments? Isn't expecting a busy DNS server to maintain TCP session state for every single query going to be prohibitively expensive? Leading to even bigger DoS worries than fragmentation apparently causes? Isn't using TCP for all DNS queries going to considerably slow down the name resolution process, which will impact all applications? (multiple RTT for the connection establishment and teardown if you clean up properly) Since PMTUD is also currently pretty broken in practice, also due to "Operator Behavior" and filtering of ICMPv6 in firewalls, doesn't this memo effectively state that IPv6 = 1280 octets? regards, RayH Ronald Bonica wrote: > Hi Tassos, > > Thanks for reviewing the draft. Could you provide more detail on what is > missing? > > Ron -------------------------------------------------------------------- IETF IPv6 working group mailing list ipv6@ietf.org Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
