[dns-operations] uspto.gov

Chris Thompson cet1 at cam.ac.uk
Tue May 18 13:49:04 UTC 2010


On May 18 2010, Stephane Bortzmeyer wrote:

[...]
>Their network setup has been broken for ten years (when EDNS was introduced)
>and DNSSEC is just a lame excuse.

So were vast numbers of other sites, as their brokenness didn't become
apparent until DNSSEC started being used.

We were running EDNS-enabled nameservers for ages with such a "broken"
network configuration: non-initial UDP fragments were being dropped at
the border router to the university network (in response to some ancient
DoS scare). It took DNSSEC (the IANA testbed, in particular) for us (well,
Tony Finch, actually) to notice.

-- 
Chris Thompson               University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk    New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715       United Kingdom.
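
The failure mode described in this message, as an added example that is not part of the original post: a Python model of an EDNS query and of IPv4 fragmentation for a UDP DNS response arriving behind a filter that drops non-initial fragments. The function names, the 1500-byte MTU, the 20-byte IP header and the response sizes are assumptions constructed for illustration.

```python
import struct

IP_HDR, UDP_HDR = 20, 8   # assumption: IPv4 header without options

def build_edns_query(name, bufsize=4096, do=True, qtype=48, qid=0x1234):
    """Wire-format query with an EDNS0 OPT record (RFC 6891); qtype 48 is DNSKEY."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)           # class IN
    ttl = 0x8000 if do else 0   # OPT TTL: ext-rcode, version, flags; DO is the top flag bit
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, ttl, 0)  # root name, TYPE=OPT, CLASS=bufsize
    return header + question + opt

def ipv4_fragments(dns_len, mtu=1500):
    """(offset, data_len, more_fragments) for each fragment of one UDP DNS response."""
    total = UDP_HDR + dns_len              # bytes of IP payload to carry
    per_frag = (mtu - IP_HDR) // 8 * 8     # non-final fragments carry a multiple of 8 bytes
    frags, off = [], 0
    while off < total:
        size = min(per_frag, total - off)
        frags.append((off, size, off + size < total))
        off += size
    return frags

def survives(dns_len, mtu=1500, drop_non_initial=True):
    """True if every fragment passes a filter that drops fragments with offset > 0."""
    return not any(off > 0 and drop_non_initial for off, _, _ in ipv4_fragments(dns_len, mtu))

def outcome(dns_len, advertised_bufsize, mtu=1500, drop_non_initial=True):
    """What the resolver observes for a response of dns_len bytes."""
    if dns_len > advertised_bufsize:
        return "truncated (TC=1), retry over TCP"   # server never sends the large datagram
    return "answered" if survives(dns_len, mtu, drop_non_initial) else "timeout"

if __name__ == "__main__":
    # Constructed cases: (description, response size in bytes, advertised UDP buffer size)
    cases = [("no EDNS, small answer", 300, 512),
             ("no EDNS, large answer", 2000, 512),
             ("EDNS 4096, small answer", 300, 4096),
             ("EDNS 4096 + DO, DNSSEC-sized answer", 2000, 4096)]
    for desc, size, buf in cases:
        print(f"{desc:38} frags={len(ipv4_fragments(size))} -> {outcome(size, buf)}")
```

Only the last case times out: an EDNS-enabled resolver keeps working behind such a filter until responses grow past one MTU, which is what signed answers do.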


