On Mar 5, 2015, at 9:00 AM, manning bill <bmanning@xxxxxxx> wrote: > EDNS is essential for the implementation of DNS Security Extensions. All roots support DNSSEC. > Calling out EDNS0 at this time is moot. Bill's exactly right here. From Section 3 of RFC 4035: A security-aware name server MUST support the EDNS0 ([RFC2671]) message size extension, MUST support a message size of at least 1220 octets, and SHOULD support a message size of 4000 octets. So EDNS0 support for the part we care about most, message size, is already in draft-iab-2870bis as a side-effect of the last bullet of Section 2 of draft-iab-2870bis. --Paul Hoffman