[dns-operations] fragmentation avoidance
Paul Vixie
paul at redbarn.org
Fri Apr 17 23:12:44 UTC 2020

On Friday, 17 April 2020 22:48:08 UTC Mark Andrews wrote:
> ...
>
> Or we could adopt the well known TSIG approach and defeat
> fragmentation attacks that way. This works for both IPv4 and IPv6.

fragmentation's harms extend well beyond dns integrity vulnerabilities. i
should not have proposed fragmentation in EDNS, and now we have to go undo
that part and start again on the datagram size tension headache. see here:
https://tools.ietf.org/html/draft-fujiwara-dnsop-avoid-fragmentation-02
--
Paul