[dns-operations] [Ext] Verisign TLDs, some other servers may trim critical glue from very large referrals
ietf-dane at dukhovni.org
Fri Jan 4 16:08:47 UTC 2019
> On Jan 4, 2019, at 9:43 AM, Edward Lewis <edward.lewis at icann.org> wrote:
> Another thing to fix is the receiving software...to know to ask for the glue when it isn't found. But that isn't simple - you have to ask with DNSSEC off:
That looks like sound advice. One might call that "glue sniffing",
where a signed glueless response with no TC is followed up by a
query with DO=0 to try and get some glue.
Separately, I agree that an EDNS buffer size of 512 seems unwise.
Though 1280 might be a tad too big, because the IPv6 MTU, not the
maximum payload size of a UDP datagram. One needs to subtract the
IP and IP header sizes. My ad hoc estimate is 1280 - 64 = 1216.
More information about the dns-operations