On 10/11/2017 01:32 PM, Theo de Raadt wrote: > But I don't use "family inet6 inet4" in resolv.conf or any other such > logic, so I don't want my machines booting slower to satisfy the > problem... and I doubt anyone else does either. That is likely the > only circumstance where this problem happens -- > > Because I understand people have made DNS servers return different > results if the request comes in over IPV6. That is obviously an > agenda-driven campaign which breaks the original promise that the > data over transport would produce identical results. It breaks > things in subtle ways, no surprise.
The combination of larger responses because of AAAA records and DNSsec, plus the fact that IPv6 Extension Headers (including fragmentation) works so bad (RFC7872) on the public Internet, makes me (and a bunch of other people) wonder to what extent we'll be able to rely on IPv6 for DNS transport. -- Fernando Gont e-mail: ferna...@gont.com.ar || fg...@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
