Ray,

Joel has already responded regarding DNSSEC. However, I would like to add a 
word regarding PMTUD brokenness.

If the bad operator behavior to which you refer is the filtering of ICMP PTB 
messages, that bad behavior will break IPv6 fragmentation to the same degree 
that it breaks PMTUD. So, keeping IPv6 fragmentation around won't help very 
much.

                                                Ron


> -----Original Message-----
> From: Ray Hunter [mailto:v6...@globis.net]
> Sent: Friday, June 21, 2013 1:04 PM
> To: Ronald Bonica
> Cc: Tassos Chatzithomaoglou; ipv6@ietf.org 6man-wg
> Subject: Re: RE: FW: New Version Notification for
> draft-bonica-6man-frag-deprecate-00.txt
> 
> I have also read this draft.
> 
> It mentions that DNSSEC will be impacted.
> 
> What's the alternative if DNSSEC can't send multiple UDP fragments?
> 
> Isn't expecting a busy DNS server to maintain TCP session state for
> every single query going to be prohibitively expensive?
> Leading to even bigger DoS worries than fragmentation apparently
> causes?
> 
> Isn't using TCP for all DNS queries going to considerably slow down the
> name resolution process, which will impact all applications?
> (multiple RTT for the connection establishment and teardown if you
> clean up properly)
> 
> Since PMTUD is also currently pretty broken in practice, also due to
> "Operator Behavior" and filtering of ICMPv6 in firewalls, doesn't this
> memo effectively state that IPv6 = 1280 octets?
> 
> regards,
> RayH
> 
> Ronald Bonica wrote:
> > Hi Tassos,
> >
> > Thanks for reviewing the draft. Could you provide more detail on what
> > is missing?
> >
> >                              Ron
> 



--------------------------------------------------------------------
IETF IPv6 working group mailing list
ipv6@ietf.org
Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
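
Added example, not part of the original messages: a small Python model of the point made in the reply above. IPv6 routers do not fragment in transit, so a source that fragments to its first-hop MTU depends on ICMPv6 PTB exactly as PMTUD does. The link MTUs, payload size and function names are constructed for illustration.

```python
# Constructed model: only the source fragments in IPv6; a router facing an
# oversized packet drops it and answers with ICMPv6 Packet Too Big (PTB).
IPV6_MIN_MTU = 1280   # every IPv6 link must carry at least this
IPV6_HDR = 40         # fixed IPv6 header
FRAG_HDR = 8          # Fragment extension header

def fragment_sizes(payload_len, pmtu):
    """On-wire packet sizes the source emits for payload_len bytes of
    upper-layer data when it believes the path MTU is pmtu."""
    if IPV6_HDR + payload_len <= pmtu:
        return [IPV6_HDR + payload_len]
    # Non-final fragments carry a multiple of 8 bytes.
    per_frag = (pmtu - IPV6_HDR - FRAG_HDR) // 8 * 8
    sizes, left = [], payload_len
    while left > 0:
        chunk = min(per_frag, left)
        sizes.append(IPV6_HDR + FRAG_HDR + chunk)
        left -= chunk
    return sizes

def deliver(payload_len, link_mtus, ptb_filtered, initial_pmtu=None, max_tries=5):
    """Return (delivered, pmtu_estimate, tries) for one datagram sent over
    link_mtus (ordered from source to destination)."""
    pmtu = initial_pmtu or link_mtus[0]
    for attempt in range(1, max_tries + 1):
        largest = max(fragment_sizes(payload_len, pmtu))
        # First link on the path too small for the largest packet, if any.
        bottleneck = next((m for m in link_mtus if largest > m), None)
        if bottleneck is None:
            return True, pmtu, attempt
        if not ptb_filtered:
            # PTB reaches the source, which lowers its estimate and resends.
            pmtu = max(bottleneck, IPV6_MIN_MTU)
        # If PTB is filtered the source learns nothing and resends unchanged.
    return False, pmtu, max_tries

if __name__ == "__main__":
    path = [1500, 1400, 1500]      # constructed path with a 1400-octet link
    for filtered in (False, True):
        print("PTB filtered:", filtered,
              "| 4000-byte fragmented datagram:", deliver(4000, path, filtered),
              "| single 1492-octet packet:", deliver(1452, path, filtered))
    # A source that always assumes 1280 does not need PTB at all.
    print("assume 1280:", deliver(4000, path, True, initial_pmtu=IPV6_MIN_MTU))
```
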
