[dns-operations] EDNS with IPv4 and IPv6 (DNSSEC or large answers)

Franck Martin fmartin at linkedin.com
Sat Sep 13 09:37:52 UTC 2014


I’m trying to figure out EDNS with UDP fragmentation on both IPv4 and IPv6 networks.

My understanding is that UDP fragmentation is something frowned upon in IPv4 and even more in IPv6 (because of the processing power needed, and security concerns)?

What is the recommended setup for EDNS?
- limit size to <1500? on both IPv4 and IPv6?
- allow UDP fragmentation on IPv4 and IPv6, how securely?

How does that play with DNSSEC large data records? I have seen that with some low TTL, BIND tends not to fall back (from 4096 to 512) fast enough often to return an answer within the time allocated.

Any good documentation, pointers?