[dnssec-deployment] DNSSEC in Russia
Ray.Bellis at nominet.org.uk
Ray.Bellis at nominet.org.uk
Fri Apr 3 04:23:07 EDT 2009
> > See [SAC035].
>
> then we might as well toss the towel now. EDNS(0) is worthless
> and DNSSEC is non-deployable w/o TCP support. :)
Well, it's not actually as bad as that.
The packet limits seen in the DNS proxies in the CPE are likely to be a
problem if you're doing your own validation, but if you're relying on your
upstream recursive resolver to perform validation for you then you should
be fine.
The main exception to that are those few routers we found which failed to
support DO=1 or AD=1.
Ray
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://dnssec-deployment.org/pipermail/dnssec-deployment/attachments/20090403/736abc87/attachment.html
More information about the Dnssec-deployment
mailing list