Re: [DNSOP] Should root-servers.net be signed

Mark Andrews <marka@isc.org> Tue, 09 March 2010 00:00 UTC

To: Joe Abley <jabley@hopcount.ca>
From: Mark Andrews <marka@isc.org>
References: <2AA0F45200E147D1ADC86A4B373C3D46@localhost> <0E169711-92DC-4AEA-AA81-718F298D1645@hopcount.ca> <alpine.LSU.2.00.1003081614480.1897@hermes-2.csi.cam.ac.uk> <A2D7C5EE-9937-4529-A28F-23296485A8B2@hopcount.ca> <43FC3F50679F458A869F99D72ECD1237@localhost> <EA246CEF-B258-4FE9-91BD-26F62263F87B@hopcount.ca>
In-reply-to: Your message of "Mon, 08 Mar 2010 18:37:45 CDT." <EA246CEF-B258-4FE9-91BD-26F62263F87B@hopcount.ca>
Date: Tue, 09 Mar 2010 11:00:07 +1100
Sender: marka@isc.org
Cc: Tony Finch <dot@dotat.at>, George Barwood <george.barwood@blueyonder.co.uk>, dnsop@ietf.org
Subject: Re: [DNSOP] Should root-servers.net be signed

In message <EA246CEF-B258-4FE9-91BD-26F62263F87B@hopcount.ca>, Joe Abley writes:
> On 2010-03-08, at 17:08, George Barwood wrote:
> 
> > It's interesting to note that currently
> > 
> > dig any . @a.root-servers.net +dnssec
> > 
> > truncates, leading to TCP fallback
> > 
> > but
> > 
> > dig any . @l.root-servers.net +dnssec
> 
> > does not truncate ( response size is 1906 bytes ).
> 
> A runs BIND9, as far as I know. L runs NSD 3.2.4. Different implementations
> behave differently.
> 

Configured differently.  By default max-udp-size is 4096.  Yes there
are differences but this is not one.  Even the very oldest BIND9's
support a max-udp-size of 2048.  If A is running named then this is
a deliberate configuration choice.
 
> Joe
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org