[Dnssec-deployment] CAT is signed

bert hubert bert.hubert at netherlabs.nl
Tue Jun 29 15:05:12 EDT 2010


On Tue, Jun 29, 2010 at 07:55:46PM +0100, Tony Finch wrote:
> On Tue, 29 Jun 2010, Eric Osterweil wrote:
> >
> > I am, actually, quite on board with raising a flag when there is a PMTU
> > problem.  However, I can't agree that ANY queries constitute a problem.
> 
> Even though ANY queries shouldn't be used in production code, the fact
> remains that some software does use them. If a nameserver has problems
> delivering large ANY replies it will cause operational difficulties.

Authoritative ANY queries are fine though. PowerDNS Recursor uses them in
production as a faux 'ADDR' query when configured to perform outbound
queries over IPv4 *and* IPv6.

rd=1 ANY queries are useless.

	Bert


More information about the Dnssec-deployment mailing list