and IPv6

Florian Weimer fw at
Fri Nov 18 18:11:06 UTC 2016

* Mark Andrews:

> The DNSSEC testing is also insufficient. shows
> green for example but if you use DNS COOKIES (which BIND 9.10.4 and
> BIND 9.11.0 do) then servers barf and return BADVERS and validation
> fails.  QWEST you have been informed of this already.
> Why the hell should validating resolver have to work around the
> crap you guys are using?

The protocol doesn't have proper version negotation, and again and
again, implementers have tried to force backwards-incompatible
implementations on the Internet at large.

More information about the NANOG mailing list