bsomers> My argument goes something like this. When a DNS request is
bsomers> sent, the client (whether a stub or a resolver) is the most
bsomers> qualified to know specifics about the "connection" and is also
bsomers> the target of fragmentation attacks.

I'd go the other end of the spectrum. I'd argue that neither client nor server has any clue of what horrible network crap lies in the path. There are so many badly implemented boxes built on the assumption that they have some right to muck with packets passing through them but with no skin in the game that end to end has to work. If you buy that assumption, smaller default is less operational risk.
