Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

Matthew Dempsky <matthew@dempsky.org> Wed, 04 November 2009 21:44 UTC

On Wed, Nov 4, 2009 at 12:04 PM, David Conrad <drc@virtualized.org> wrote:
> On Nov 4, 2009, at 11:41 AM, Matthew Dempsky wrote:
>> On Wed, Nov 4, 2009 at 11:26 AM,  <bmanning@vacation.karoshi.com> wrote:
>>>        The current deployment plan is to stage things to push out large responses
>>>        early - prior to having any actual DNSSEC usable data ... ostensibly to
>>>        flush out DNSmtu problems.
>>
>> Is this plan to push out large responses indiscriminately, or only in
>> response to queries with DO=1?
>
> We're not planning on breaking the DNS protocol.  DNSSEC responses will only be provided if DO=1 (currently about 70% of the queries hitting the root have DO=1).

I'd appreciate if someone could clarify what the "large responses"
that will preexist "actual DNSSEC usable data" that Bill Manning is
referring to are.  It's unclear to me whether it's still technically
DNSSEC data and hence would require a client to send DO=1, or if it
will be something like large additional section TXT records or just
trailing bytes.
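
The DO=1 signal discussed in this thread is a single bit in the EDNS0 OPT pseudo-record of the query (RFC 3225), carried next to the UDP payload size the client advertises. The following sketch is an added example, not part of the original message or of any root server implementation; the function names and the sample queries are constructed for illustration. It shows how a server-side check can read both values from a query before deciding whether DNSSEC data or a response larger than 512 bytes is acceptable.

```python
import struct

DO_FLAG = 0x8000  # RFC 3225: top bit of the 16-bit flags in the OPT TTL field
TYPE_OPT = 41     # EDNS0 OPT pseudo-RR type

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels ('.' is the root)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype, do, udp_size=4096, edns=True):
    """Build a constructed query; edns=False yields a plain pre-EDNS query."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0000, 1, 0, 0, 1 if edns else 0)
    msg = header + encode_name(name) + struct.pack("!HH", qtype, 1)
    if edns:
        ttl = DO_FLAG if do else 0  # extended RCODE 0, version 0, then flags
        # OPT RR: root owner name, TYPE, CLASS = UDP payload size, TTL, RDLEN 0
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, ttl, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past the name starting at off."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def edns_info(msg):
    """Return (udp_payload_size, do_bit); (512, False) when there is no OPT."""
    _, _, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            return rclass, bool(ttl & DO_FLAG)
    return 512, False
```

A query without an OPT record is treated as DO=0 with the classic 512-byte UDP limit, which is the case the question above about indiscriminate large responses turns on.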