Re: [DNSOP] Computerworld apparently has changed DNS protocol

bmanning@vacation.karoshi.com Wed, 04 November 2009 19:26 UTC

Date: Wed, 04 Nov 2009 19:26:34 +0000
From: bmanning@vacation.karoshi.com
To: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
Cc: namedroppers@ops.ietf.org, Alfred Hönes <ah@tr-sys.de>, dnsop@ietf.org

On Wed, Nov 04, 2009 at 11:09:53AM -0800, Nicholas Weaver wrote:
> Question:  Have people been able to estimate how large the signed root  
> zone response will be?
> 
> I'm assuming it's below the magic 1500B level for standard queries.  Is  
> this correct?
> 
> Oh, and one thing to watch out for:  Some IP stacks I've noticed will  
> set DF on UDP datagrams, if the datagram is too small to require  
> fragmentation onto the local network!
> 
> Add this to the list of things DNS operators need to watch out for  
> when turning on DNSSEC.


	David Conrad, ICANN maven and one-time IANA manager, posted some numbers
	from their DNSSEC testbed a month or so back.  Responses were just under
	1800 bytes. 

	The current deployment plan is to stage things to push out large responses
	early - prior to having any actual DNSSEC usable data ... ostensibly to
	flush out DNSmtu problems.

--bill
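
The size and DF concerns raised in this exchange, worked through as an added example that is not part of either message: it builds an EDNS0 query that advertises a UDP buffer size and models what happens to a response on an IPv4 path. The function names are hypothetical, the 1800-byte figure is a constructed upper bound for "just under 1800 bytes", and a 20-byte IPv4 header without options is assumed.

```python
import struct

IPV4_HDR = 20  # assumption: IPv4 header without options
UDP_HDR = 8

def edns_query(qname, qtype, bufsize, do=True, txid=0x1234):
    """Wire-format DNS query with an EDNS0 OPT record (RFC 6891)."""
    # Flags 0x0100 = RD; one question, one additional record (the OPT).
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    labels = [l for l in qname.split(".") if l]
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = name + struct.pack("!HH", qtype, 1)  # class IN
    # OPT: root owner name, TYPE 41, CLASS carries the advertised UDP size,
    # TTL carries ext-rcode/version/flags (DO bit = 0x8000), RDLENGTH 0.
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, 0x8000 if do else 0, 0)
    return header + question + opt

def ipv4_fragments(dns_len, path_mtu):
    """IP payload sizes the UDP datagram is split into at this MTU."""
    remaining = dns_len + UDP_HDR
    room = path_mtu - IPV4_HDR
    per_frag = room // 8 * 8  # non-final fragments carry a multiple of 8 bytes
    sizes = []
    while remaining > room:
        sizes.append(per_frag)
        remaining -= per_frag
    sizes.append(remaining)
    return sizes

def delivery(dns_len, bufsize, path_mtu, df):
    """Outcome for a response of dns_len bytes; df is the sender's DF bit."""
    if dns_len > bufsize:
        return ("truncated", [])  # TC=1 is returned, client retries over TCP
    frags = ipv4_fragments(dns_len, path_mtu)
    if len(frags) == 1:
        return ("delivered", frags)
    if df:
        return ("dropped", [])  # router sends ICMP fragmentation-needed
    return ("fragmented", frags)  # every fragment must pass middleboxes

if __name__ == "__main__":
    q = edns_query(".", 48, 4096)  # DNSKEY for the root, DO bit set
    print(len(q), "byte query")
    for df in (False, True):
        print("DF" if df else "no DF", delivery(1800, 4096, 1500, df))
    print("no EDNS (512)", delivery(1800, 512, 1500, False))
```

The "dropped" and "fragmented" outcomes are the ones an operator has to look for on the wire, since both depend on ICMP or fragments surviving every firewall between server and resolver.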