Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol
Mark Andrews <marka@isc.org> Wed, 04 November 2009 23:04 UTC
Return-Path: <marka@isc.org>
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 958CF3A6A29 for <dnsop@core3.amsl.com>; Wed, 4 Nov 2009 15:04:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.486
X-Spam-Level:
X-Spam-Status: No, score=-2.486 tagged_above=-999 required=5 tests=[AWL=0.113, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OGaJGvYjkpkf for <dnsop@core3.amsl.com>; Wed, 4 Nov 2009 15:04:01 -0800 (PST)
Received: from farside.isc.org (farside.isc.org [IPv6:2001:4f8:3:bb::5]) by core3.amsl.com (Postfix) with ESMTP id 4F5073A6A17 for <dnsop@ietf.org>; Wed, 4 Nov 2009 15:03:59 -0800 (PST)
Received: from drugs.dv.isc.org (drugs.dv.isc.org [IPv6:2001:470:1f00:820:214:22ff:fed9:fbdc]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "drugs.dv.isc.org", Issuer "ISC CA" (not verified)) by farside.isc.org (Postfix) with ESMTP id BA89FE601C; Wed, 4 Nov 2009 23:04:18 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (8.14.3/8.14.3) with ESMTP id nA4N4AX4007738; Thu, 5 Nov 2009 10:04:11 +1100 (EST) (envelope-from marka@drugs.dv.isc.org)
Message-Id: <200911042304.nA4N4AX4007738@drugs.dv.isc.org>
To: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
From: Mark Andrews <marka@isc.org>
References: <200911041858.TAA24009@TR-Sys.de> <FD44BF39-5B62-4689-AC6D-8DFFAF340EA1@icsi.berkeley.edu> <20091104192634.GA31981@vacation.karoshi.com.> <d791b8790911041141k71066fa9nede54d5dff9394fa@mail.gmail.com> <AF9E632C-C470-4EA8-9BB4-BF144D208619@ICSI.Berkeley.EDU>
In-reply-to: Your message of "Wed, 04 Nov 2009 11:43:11 -0800." <AF9E632C-C470-4EA8-9BB4-BF144D208619@ICSI.Berkeley.EDU>
Date: Thu, 05 Nov 2009 10:04:10 +1100
Sender: marka@isc.org
Cc: Matthew Dempsky <matthew@dempsky.org>, namedroppers@ops.ietf.org, bmanning@vacation.karoshi.com, dnsop@ietf.org, Alfred HÎnes <ah@tr-sys.de>
Subject: Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Nov 2009 23:04:02 -0000
In message <AF9E632C-C470-4EA8-9BB4-BF144D208619@ICSI.Berkeley.EDU>, Nicholas W eaver writes: > > On Nov 4, 2009, at 11:41 AM, Matthew Dempsky wrote: > > > On Wed, Nov 4, 2009 at 11:26 AM, <bmanning@vacation.karoshi.com> > > wrote: > >> The current deployment plan is to stage things to push out > >> large responses > >> early - prior to having any actual DNSSEC usable data ... > >> ostensibly to > >> flush out DNSmtu problems. > > > > Is this plan to push out large responses indiscriminately, or only in > > response to queries with DO=1? > > Also, has someone done a study what the major recursive resolvers do > on response failures from a root? Do they go to another first or do > they try a smaller EDNS MTU? You do realise that the roots have been emitting DNS/UDP responses bigger that 512 bytes for ages now. The network did not grind to a halt when that started. It won't grind to a halt when the root is signed. There would be very few networks that NEVER make queries to COM or NET zones and referrals to the COM and NET zones have exceed 512 bytes for a long time now. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- Re: [DNSOP] [dnsext] Computerworld apparently has… bmanning
- [DNSOP] Computerworld apparently has changed DNS … Alfred Hönes
- Re: [DNSOP] Computerworld apparently has changed … Nicholas Weaver
- Re: [DNSOP] Computerworld apparently has changed … bmanning
- Re: [DNSOP] [dnsext] Computerworld apparently has… bmanning
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Nicholas Weaver
- Re: [DNSOP] [dnsext] Computerworld apparently has… Alfred Hönes
- Re: [DNSOP] Computerworld apparently has changed … David Conrad
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… David Conrad
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Florian Weimer
- Re: [DNSOP] [dnsext] Computerworld apparently has… Florian Weimer
- Re: [DNSOP] Computerworld apparently has changed … David Blacka
- Re: [DNSOP] Computerworld apparently has changed … Florian Weimer
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Florian Weimer
- Re: [DNSOP] Computerworld apparently has changed … David Blacka
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Mark Andrews
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Matthew Dempsky
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Matthew Dempsky
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Jay Daley
- Re: [DNSOP] [dnsext] Computerworld apparently has… Mark Andrews
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… David Conrad
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Matthew Dempsky
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… George Michaelson
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Florian Weimer
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Nicholas Weaver
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… George Michaelson
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Duane Wessels
- Re: [DNSOP] [dnsext] Re: Computerworld apparently… Duane Wessels