Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol
Nicholas Weaver <nweaver@ICSI.Berkeley.EDU> Wed, 11 November 2009 14:58 UTC
Return-Path: <nweaver@ICSI.Berkeley.EDU>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id CD6AD3A6877 for <dnsop@core3.amsl.com>; Wed, 11 Nov 2009 06:58:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.08
X-Spam-Level:
X-Spam-Status: No, score=-6.08 tagged_above=-999 required=5 tests=[AWL=0.519, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KElYSya-Z4q4 for <dnsop@core3.amsl.com>; Wed, 11 Nov 2009 06:58:11 -0800 (PST)
Received: from fruitcake.ICSI.Berkeley.EDU (fruitcake.ICSI.Berkeley.EDU [192.150.186.11]) by core3.amsl.com (Postfix) with ESMTP id EC7CA3A68B5 for <dnsop@ietf.org>; Wed, 11 Nov 2009 06:58:11 -0800 (PST)
Received: from [IPv6:::1] (jack.ICSI.Berkeley.EDU [192.150.186.73]) by fruitcake.ICSI.Berkeley.EDU (8.12.11.20060614/8.12.11) with ESMTP id nABEwPOd017095; Wed, 11 Nov 2009 06:58:25 -0800 (PST)
Mime-Version: 1.0 (Apple Message framework v1077)
Content-Type: text/plain; charset="us-ascii"
From: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
In-Reply-To: <AEB16CE2-B7F9-421E-AD74-52919DA4666C@apnic.net>
Date: Wed, 11 Nov 2009 06:58:25 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <F152505E-6A33-48AE-9DA1-5716F0360DC2@icsi.berkeley.edu>
References: <200911041858.TAA24009@TR-Sys.de> <FD44BF39-5B62-4689-AC6D-8DFFAF340EA1@icsi.berkeley.edu> <20091104192634.GA31981@vacation.karoshi.com.> <d791b8790911041141k71066fa9nede54d5dff9394fa@mail.gmail.com> <AF9E632C-C470-4EA8-9BB4-BF144D208619@ICSI.Berkeley.EDU> <alpine.BSF.2.00.0911110625230.73921@in1.dns-oarc.net> <AEB16CE2-B7F9-421E-AD74-52919DA4666C@apnic.net>
To: George Michaelson <ggm@apnic.net>
X-Mailer: Apple Mail (2.1077)
Cc: namedroppers@ops.ietf.org, dnsop@ietf.org, Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
Subject: Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Nov 2009 14:58:12 -0000
On Nov 10, 2009, at 10:42 PM, George Michaelson wrote: > On 11/11/2009, at 3:29 PM, Duane Wessels wrote: >> On Wed, 4 Nov 2009, Nicholas Weaver wrote: >> >>> Also, has someone done a study what the major recursive resolvers do on response failures from a root? Do they go to another first or do they try a smaller EDNS MTU? >> >> I gave a presentation on this at the DNS-OARC meeting last week: >> >> https://www.dns-oarc.net/files/workshop-200911/Duane_Wessels.pdf >> >> I was only able to test BIND (9.4.3) and Unbound (1.3.3) before the >> workshop. >> >> I've since learned that since my graphs only show 7 seconds after >> the initial query, it misses Unbound's fallback to TCP, which >> takes longer than that. > > Great presentation. A strong second, and many thanks for posting this. The only other thing which needs to be added is understanding what happens at the 1500B MTU point rather than the 512B point (increase key size and/or record count to hit), since our early testing with Netalyzr showed that its the 1500B boundary that is the big problem for most recursive resolvers, due to firewall rules and similar that can't handle UDP fragments.
- Re: [DNSOP] [dnsext] Computerworld apparently has… bmanning
- [DNSOP] Computerworld apparently has changed DNS … Alfred Hönes
- Re: [DNSOP] Computerworld apparently has changed … Nicholas Weaver
- Re: [DNSOP] Computerworld apparently has changed … bmanning
- Re: [DNSOP] [dnsext] Computerworld apparently has… bmanning
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Nicholas Weaver
- Re: [DNSOP] [dnsext] Computerworld apparently has… Alfred Hönes
- Re: [DNSOP] Computerworld apparently has changed … David Conrad
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… David Conrad
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Florian Weimer
- Re: [DNSOP] [dnsext] Computerworld apparently has… Florian Weimer
- Re: [DNSOP] Computerworld apparently has changed … David Blacka
- Re: [DNSOP] Computerworld apparently has changed … Florian Weimer
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Florian Weimer
- Re: [DNSOP] Computerworld apparently has changed … David Blacka
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Mark Andrews
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Matthew Dempsky
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Matthew Dempsky
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Jay Daley
- Re: [DNSOP] [dnsext] Computerworld apparently has… Mark Andrews
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… David Conrad
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Matthew Dempsky
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… George Michaelson
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Florian Weimer
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Nicholas Weaver
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… George Michaelson
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Duane Wessels
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Duane Wessels