> > it seems odd to me to recommend that auth DNS servers should take steps to avoid fragmentation of responses (sec 4.1) while no such recommendation exists for recursive resolvers (sec 4.2). To avoid the issues with fragmentation and IPv6 the measures proposed in draft-ietf-dnsop-avoid-fragmentation should apply to recursive resolvers as well as auth servers.

dig +dnssec AAAA creagneruvOwsebsyavdicDibHocNievVusDyolryntikduWubPyheaveetGear.creagneruvOwsebsyavdicDibHocNievVusDyolryntikduWubPyheaveetGear.creagneruvOwsebsyavdicDibHocNievVusDyolryntikduWubPyheaveetGear.creagneruvOwsebsyavdicDibHocNievVusDyolryntiuWubGear.wybt.net

AL5DBzICSGhKkUQHCABFAAFCwYAAAEARpRLDv8XFw7/F0+JeADUBLldDrGEBIAABAAAAAAA
BP2NyZWFnbmVydXZPd3NlYnN5YXZkaWNEaWJIb2NOaWV2VnVzRHlvbHJ5bnRpa2R1V3ViUH
loZWF2ZWV0R2Vhcj9jcmVhZ25lcnV2T3dzZWJzeWF2ZGljRGliSG9jTmlldlZ1c0R5b2xye
W50aWtkdVd1YlB5aGVhdmVldEdlYXI/Y3JlYWduZXJ1dk93c2Vic3lhdmRpY0RpYkhvY05p
ZXZWdXNEeW9scnludGlrZHVXdWJQeWhlYXZlZXRHZWFyNGNyZWFnbmVydXZPd3NlYnN5YXZ
kaWNEaWJIb2NOaWV2VnVzRHlvbHJ5bnRpdVd1YkdlYXIEd3lidANuZXQAABwAAQAAKRAAAA
CAAAAMAAoACN8kbpsmGGJt

tfiebig@rincewind ~ % echo 'AL5DBzICSGhKkUQHCABFAAFCwYAAAEARpRLDv8XFw7/F0+JeADUBLldDrGEBIAABAAAAAA
ABP2NyZWFnbmVydXZPd3NlYnN5YXZkaWNEaWJIb2NOaWV2VnVzRHlvbHJ5bnRpa2R1V3ViU
HloZWF2ZWV0R2Vhcj9jcmVhZ25lcnV2T3dzZWJzeWF2ZGljRGliSG9jTmlldlZ1c0R5b2xy
eW50aWtkdVd1YlB5aGVhdmVldEdlYXI/Y3JlYWduZXJ1dk93c2Vic3lhdmRpY0RpYkhvY05
pZXZWdXNEeW9scnludGlrZHVXdWJQeWhlYXZlZXRHZWFyNGNyZWFnbmVydXZPd3NlYnN5YX
ZkaWNEaWJIb2NOaWV2VnVzRHlvbHJ5bnRpdVd1YkdlYXIEd3lidANuZXQAABwAAQAAKRAAA
ACAAAAMAAoACN8kbpsmGGJt'| base64 -d | wc -c
336

> It would also be informative for the draft to include some analysis of recursive resolver behaviour on UDP timeout in a dual stack scenario. Should a recursive resolver retry the query using the other protocol (and take another <timeout> interval if the server is non-responsive?) Or should the recursive resolver simply move on to the next authoritative server for the name being queried? A similar question exists for TCP connection attempt timeouts.

I would argue that this is out-of-scope for the current draft, as it goes deep into HE territory (see, also, the recent shot at HE3 that introduced protocol selection aspects). But I am happy to hear more views on this.

With best regards,
Tobias
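
Added example, not part of the original message: a Python sketch that rebuilds a query like the one sent by the dig command in the message and counts octets per layer, reproducing the 336 reported by `wc -c`. It assumes an EDNS OPT record with the DO bit and an 8-octet client cookie, no IP options, and an untagged Ethernet header; the query ID, the all-zero cookie and all function names are constructed for illustration.

```python
import struct

# Name from the dig command above: 3 x 63-octet labels, a 52-octet label, wybt.net.
L63 = "creagneruvOwsebsyavdicDibHocNievVusDyolryntikduWubPyheaveetGear"
L52 = "creagneruvOwsebsyavdicDibHocNievVusDyolryntiuWubGear"
QNAME = ".".join([L63, L63, L63, L52, "wybt", "net"])
IPV6_MIN_MTU = 1280  # RFC 8200 minimum link MTU


def encode_name(name):
    """Encode a domain name in DNS wire format, enforcing the 63/255 limits."""
    wire = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label must be 1..63 octets: %r" % label)
        wire += bytes([len(raw)]) + raw
    wire += b"\x00"
    if len(wire) > 255:
        raise ValueError("name exceeds 255 octets on the wire")
    return wire


def build_query(name, qtype=28, cookie=bytes(8), udp_size=4096):
    """AAAA query with an EDNS OPT record (DO bit set) and a client cookie."""
    # Constructed query ID; flags 0x0120 = RD + AD.
    header = struct.pack("!6H", 0x1234, 0x0120, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    option = struct.pack("!HH", 10, len(cookie)) + cookie  # option 10 = COOKIE
    # OPT RR: root owner, type 41, class = UDP payload size, TTL carries DO bit.
    opt = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0x8000, len(option)) + option
    return header + question + opt


def layer_sizes(dns_message, ip_header_len):
    """Sizes in octets at each layer for a UDP query over Ethernet."""
    udp = 8 + len(dns_message)
    ip = ip_header_len + udp
    return {"dns": len(dns_message), "udp": udp, "ip": ip, "frame": 14 + ip}


if __name__ == "__main__":
    query = build_query(QNAME)
    for family, hdr in (("IPv4", 20), ("IPv6", 40)):
        sizes = layer_sizes(query, hdr)
        print(family, sizes, "fits 1280:", sizes["ip"] <= IPV6_MIN_MTU)
```

The name encodes to the 255-octet maximum, so under these assumptions this is an upper bound for a single-question query with these EDNS options.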