[Dnssec-deployment] CAT is signed
bert.hubert at netherlabs.nl
Tue Jun 29 15:05:12 EDT 2010
On Tue, Jun 29, 2010 at 07:55:46PM +0100, Tony Finch wrote:
> On Tue, 29 Jun 2010, Eric Osterweil wrote:
> > I am, actually, quite on board with raising a flag when there is a PMTU
> > problem. However, I can't agree that ANY queries constitute a problem.
> Even though ANY queries shouldn't be used in production code, the fact
> remains that some software does use them. If a nameserver has problems
> delivering large ANY replies it will cause operational difficulties.
Authoritative ANY queries are fine though. PowerDNS Recursor uses them in
production as a faux 'ADDR' query when configured to perform outbound
queries over IPv4 *and* IPv6.
rd=1 ANY queries are useless.
More information about the Dnssec-deployment