[192750] in North American Network Operators' Group

Re: pay.gov and IPv6

daemon@ATHENA.MIT.EDU (Florian Weimer)
Fri Nov 18 13:11:13 2016

X-Original-To: nanog@nanog.org
From: Florian Weimer <fw@deneb.enyo.de>
To: Mark Andrews <marka@isc.org>
Date: Fri, 18 Nov 2016 19:11:06 +0100
In-Reply-To: <20161117002622.74D825A57884@rock.dv.isc.org> (Mark Andrews's
 message of "Thu, 17 Nov 2016 11:26:22 +1100")
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

* Mark Andrews:

> The DNSSEC testing is also insufficient.  9-11commission.gov shows
> green for example but if you use DNS COOKIES (which BIND 9.10.4 and
> BIND 9.11.0 do) then servers barf and return BADVERS and validation
> fails.  QWEST you have been informed of this already.
>
> Why the hell should validating resolver have to work around the
> crap you guys are using?

The protocol doesn't have proper version negotiation, and again and
again, implementers have tried to force backwards-incompatible
implementations on the Internet at large.
