[dns-operations] EDNS with IPv4 and IPv6 (DNSSEC or large answers)

Roland Dobbins rdobbins at arbor.net
Tue Sep 23 21:34:00 UTC 2014

On Sep 24, 2014, at 12:16 AM, Florian Weimer <fw at deneb.enyo.de> wrote:

> Fragmentation in IPv4 is inherently insecure.

Conceptually, yes, it's a Very Bad Idea.  But given the realities of the TCP/IP we have, it's important that network operators understand that they can't filter out non-initial fragments, or they'll break the Internet for their customers.

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

                   Equo ne credite, Teucri.

    		   	  -- Laocoön

More information about the dns-operations mailing list