Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

Mark Andrews <marka@isc.org> Wed, 04 November 2009 23:04 UTC

To: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
From: Mark Andrews <marka@isc.org>
References: <200911041858.TAA24009@TR-Sys.de> <FD44BF39-5B62-4689-AC6D-8DFFAF340EA1@icsi.berkeley.edu> <20091104192634.GA31981@vacation.karoshi.com.> <d791b8790911041141k71066fa9nede54d5dff9394fa@mail.gmail.com> <AF9E632C-C470-4EA8-9BB4-BF144D208619@ICSI.Berkeley.EDU>
In-reply-to: Your message of "Wed, 04 Nov 2009 11:43:11 -0800." <AF9E632C-C470-4EA8-9BB4-BF144D208619@ICSI.Berkeley.EDU>
Date: Thu, 05 Nov 2009 10:04:10 +1100
Sender: marka@isc.org
Cc: Matthew Dempsky <matthew@dempsky.org>, namedroppers@ops.ietf.org, bmanning@vacation.karoshi.com, dnsop@ietf.org, Alfred Hönes <ah@tr-sys.de>
Subject: Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

In message <AF9E632C-C470-4EA8-9BB4-BF144D208619@ICSI.Berkeley.EDU>, Nicholas Weaver writes:
> 
> On Nov 4, 2009, at 11:41 AM, Matthew Dempsky wrote:
> 
> > On Wed, Nov 4, 2009 at 11:26 AM,  <bmanning@vacation.karoshi.com> wrote:
> >>        The current deployment plan is to stage things to push out large responses
> >>        early - prior to having any actual DNSSEC usable data ... ostensibly to
> >>        flush out DNSmtu problems.
> >
> > Is this plan to push out large responses indiscriminately, or only in
> > response to queries with DO=1?
> 
> Also, has someone done a study what the major recursive resolvers do  
> on response failures from a root?  Do they go to another first or do  
> they try a smaller EDNS MTU?

You do realise that the roots have been emitting DNS/UDP responses
bigger than 512 bytes for ages now.  The network did not grind to
a halt when that started.  It won't grind to a halt when the root
is signed.  There would be very few networks that NEVER make queries
to COM or NET zones and referrals to the COM and NET zones have exceeded
512 bytes for a long time now.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org