Re: [DNSOP] Computerworld apparently has changed DNS protocol

Nicholas Weaver <nweaver@ICSI.Berkeley.EDU> Wed, 04 November 2009 19:09 UTC

Question:  Have people been able to estimate how large the signed root  
zone response will be?

I'm assuming it's below the magic 1500B level for standard queries.  Is  
this correct?

Oh, and one thing to watch out for:  Some IP stacks I've noticed will  
set DF on UDP datagrams, if the datagram is too small to require  
fragmentation onto the local network!

Add this to the list of things DNS operators need to watch out for  
when turning on DNSSEC.
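
An added example, not part of the original message: one way an operator could check captured IPv4 packets for the DF-on-UDP behaviour described above and flag DNS responses that a narrower hop would drop rather than fragment. The packet builder, addresses, ports and the 1280-byte path MTU are constructed assumptions for illustration.

```python
import struct

DF = 0x4000  # "don't fragment" bit in the IPv4 flags/fragment-offset word

def build_packet(payload_len, df, sport=53, dport=33000):
    """Constructed sample: IPv4 + UDP headers (checksums left zero) + padding."""
    total = 20 + 8 + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0x1234,
                     DF if df else 0, 64, 17, 0,
                     bytes([192, 0, 2, 53]), bytes([198, 51, 100, 7]))
    udp = struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)
    return ip + udp + b"\x00" * payload_len

def inspect(pkt):
    """Return (is_udp_from_port_53, df_set, total_length) for an IPv4 packet."""
    ver_ihl, _, total, _, flags_frag, _, proto = struct.unpack("!BBHHHBB", pkt[:10])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    from_53 = False
    # Only the first fragment (offset 0) carries the UDP header.
    if proto == 17 and (flags_frag & 0x1FFF) == 0 and len(pkt) >= ihl + 8:
        (sport,) = struct.unpack("!H", pkt[ihl:ihl + 2])
        from_53 = sport == 53
    return from_53, bool(flags_frag & DF), total

def classify(pkt, path_mtu):
    """Flag DNS responses that a smaller-MTU hop would drop instead of fragment."""
    from_53, df, total = inspect(pkt)
    if not from_53:
        return "ignore"
    if df and total > path_mtu:
        # The router may not fragment; it drops and returns ICMP "frag needed".
        return "dropped-at-narrow-hop"
    if df:
        return "df-set-but-fits"
    return "fragmentable" if total > path_mtu else "fits"

if __name__ == "__main__":
    # A 1428-byte response fits the local 1500-byte link, so the stack sets DF;
    # the assumed 1280-byte hop further along the path then cannot forward it.
    for df in (True, False):
        print(df, classify(build_packet(1400, df), path_mtu=1280))
```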