<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="background-color: rgb(255, 255, 255); color: rgb(0, 0,
0); font-family: Tahoma; font-size: 16px;" text="#000000"
bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 5/Oct/18 03:07, John Levine wrote:<br>
<br>
</div>
<blockquote type="cite"
cite="mid:20181005010722.122C02006A0D69@ary.qy"
style="border-left: 2px solid #009900 !important; border-right:
2px solid #009900 !important; padding: 0px 15px 0px 15px; margin:
8px 2px; color: rgb(0, 0, 0) !important; color: rgb(0, 0, 0)
!important; background-color: null !important; color: null
!important;">
<pre wrap="">
Yeah, V6 UDP fragmentation and anycast are bad news. You can sort of
fix it by doing all your v6 DNSSEC DNS queries over TCP but it's a lot
easier to stick to v4.
Geoff Huston has written about this a lot and it's a well-known problem
in the DNS community. I'm surprised if it's news to anyone here.
<a class="moz-txt-link-freetext" href="https://blog.apnic.net/2017/08/22/dealing-ipv6-fragmentation-dns/">https://blog.apnic.net/2017/08/22/dealing-ipv6-fragmentation-dns/</a></pre>
</blockquote>
<br>
In BIND, I think this can be solved by using the "minimal-responses"
knob.<br>
<br>
Mark.<br>
</body>
</html>