[dns-operations] EDSN0 fallback in the era of DNSSEC
David C Lawrence
tale at akamai.com
Mon Apr 29 14:53:22 UTC 2013
Paul Hoffman writes:
> Retrying queries without EDNS0 seems sensible before deployment of DNSSEC.
> Is that still the case now that DNSSEC is more widely deployed?
Yes, just not in this case. We definitely still see broken setups
where the no-EDNS0 fallback is necessary to get an answer.
I agree with Bert in that if a domain indicates it needs DNSSEC, then
the resolver shouldn't send itself down a path where it can't get the
answers it needs.
More information about the dns-operations