[dns-operations] EDNS with IPv4 and IPv6 (DNSSEC or large answers)
Roland Dobbins
rdobbins at arbor.net
Sat Sep 13 10:24:22 UTC 2014
On Sep 13, 2014, at 4:37 PM, Franck Martin <fmartin at linkedin.com> wrote:
> My understanding is that UDP fragmentation is something frowned upon in IPv4 and even more on IPv6 (because of processing power needed, and security concerns)?
No. IP fragmentation is a normal part of TCP/IP communications across the Internet. It isn't something to actively wish for, but it's perfectly normal.
> -limit size to <1500? on both IPv4 and IPv6?
No.
> -allow UDP fragmentation on IPv4 and IPv6, how securely?
Yes, allow it; there's no security issue. This is a myth originating with clueless vendors in the mid-1990s, and propagated today by Confused Information Systems Security Professionals (CISSPs) and their ilk.
> Any good documentation, pointers?
Slide 153 of this deck:
<https://app.box.com/s/r7an1moswtc7ce58f8gg>
----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Equo ne credite, Teucri.
-- Laocoön