[dns-operations] [Ext] DNS Flag Day 2020 will become effective on 2020-10-01

Wed Sep 16 02:08:16 UTC 2020

bsomers> My argument goes something like this.  When a DNS request is
bsomers> sent, the client (whether a stub or a resolver) is the most
bsomers> qualified to know specifics about the "connection" and is also
bsomers> the target of fragmentation attacks.

I'd go the other end of the spectrum. I'd argue that neither client nor
server has any clue of what horrible network crap lies in the
path. There are so many badly implemented boxes built on the assumption
that they have some right to muck with packets passing through them but
with no skin in the game that end to end has to work.

If you buy that assumption, smaller default is less operational risk.