pay.gov and IPv6
Florian Weimer
fw at deneb.enyo.de
Fri Nov 18 18:11:06 UTC 2016
* Mark Andrews:
> The DNSSEC testing is also insufficient. 9-11commission.gov shows
> green for example but if you use DNS COOKIES (which BIND 9.10.4 and
> BIND 9.11.0 do) then servers barf and return BADVERS and validation
> fails. QWEST you have been informed of this already.
>
> Why the hell should validating resolver have to work around the
> crap you guys are using?
The protocol doesn't have proper version negotation, and again and
again, implementers have tried to force backwards-incompatible
implementations on the Internet at large.
More information about the NANOG
mailing list