> When implementing DNS Cookies, several DNS vendors found that
> impractical as the Client Cookie is typically computed before the Client
> IP address is known. Therefore, the requirement to put Client IP address
> as input to was removed,

In Section 4.4, the client IP is added to the hash in the creation of the server cookie. I wonder what happens if a client alternates between different IP addresses, for example, the client has multiple interfaces, the client has multiple IPv6 prefixes on a single interface, or a CGNAT device regards different DNS requests as independent UDP flows and assigns them to different parts of a CGNAT system. It is possible that in those cases, a server would force a client to retry for every request.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
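
The scenario raised in the message above, as an added example that is not part of the original post or of any DNS implementation: a server cookie whose hash covers the client IP is checked against queries from a stable source address and from alternating ones. Assumptions: the server enforces cookies and answers BADCOOKIE on a mismatch, keyed BLAKE2b stands in for SipHash-2-4, timestamp freshness is not checked, and the addresses, secret and function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import os
import struct

SECRET = os.urandom(16)  # constructed server secret

def _mac(client_cookie, header, client_ip):
    # Hash input: Client Cookie | Version | Reserved | Timestamp | Client-IP.
    # Keyed BLAKE2b (64-bit output) is a stand-in for SipHash-2-4.
    ip = ipaddress.ip_address(client_ip).packed
    return hashlib.blake2b(client_cookie + header + ip,
                           key=SECRET, digest_size=8).digest()

def make_server_cookie(client_cookie, client_ip, now):
    # 1-byte version, 3 reserved bytes, 4-byte timestamp, then the 8-byte hash.
    header = struct.pack("!B3xI", 1, now & 0xFFFFFFFF)
    return header + _mac(client_cookie, header, client_ip)

def validate(client_cookie, server_cookie, client_ip):
    if len(server_cookie) != 16:
        return False
    header, mac = server_cookie[:8], server_cookie[8:]
    return hmac.compare_digest(mac, _mac(client_cookie, header, client_ip))

def count_badcookie(sources, now=1_700_000_000):
    """Send one query per source address; return how many drew BADCOOKIE."""
    client_cookie = os.urandom(8)  # not derived from the client IP
    cached = None                  # server cookie the client last learned
    bad = 0
    for src in sources:
        if cached is None or not validate(client_cookie, cached, src):
            bad += 1
            # The BADCOOKIE reply carries a fresh server cookie bound to src;
            # the retry is assumed to leave from the same address and succeed.
            cached = make_server_cookie(client_cookie, src, now)
    return bad

if __name__ == "__main__":
    stable = ["192.0.2.10"] * 6                     # constructed addresses
    flapping = ["192.0.2.10", "198.51.100.7"] * 3   # alternating source IPs
    print("BADCOOKIE, stable source:     ", count_badcookie(stable))
    print("BADCOOKIE, alternating source:", count_badcookie(flapping))
```
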