Re: [DNSOP] Computerworld apparently has changed DNS protocol
David Blacka <davidb@verisign.com> Wed, 04 November 2009 20:29 UTC
On Nov 4, 2009, at 3:02 PM, David Conrad wrote:

> [namedroppers dropped as this felt more operational to me]
>
> On Nov 4, 2009, at 11:09 AM, Nicholas Weaver wrote:
>> Question: Have people been able to estimate how large the signed
>> root zone response will be?
>
> Response to what? Using the current IANA 'normal root servers'
> testbed:
>
> % dig +bufsize=4096 +dnssec @root.iana.org . ns | grep rcvd
> ;; MSG SIZE rcvd: 801
> % dig +bufsize=4096 +dnssec @root.iana.org . soa | grep rcvd
> ;; MSG SIZE rcvd: 1016
> % dig +bufsize=4096 +dnssec @root.iana.org . rrsig | grep rcvd
> ;; MSG SIZE rcvd: 2005
> % dig +bufsize=4096 +dnssec @root.iana.org x a | grep rcvd
> ;; MSG SIZE rcvd: 639

I actually researched this, and need to spend some time cleaning up the report before posting it to this list. But the bottom line is that yes, all responses save a few at the apex of root are below 1500b (actually, below 1100b).

The responses that are larger are ". rrsig" and ". any" (and ". dnskey" if minimal dnskey responses aren't used). ". any" is the only one that would actually set TC if, say, the advertised buffer size were set to 1280.

--
David Blacka <davidb@verisign.com>
Sr. Engineer VeriSign Platform Product Development
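How the `+bufsize` and `+dnssec` options in the quoted dig commands appear on the wire, and where a client reads the TC flag discussed in the message: an added Python example, not part of the original post. It follows the EDNS0 OPT layout from RFC 6891; the function names and both sample messages are constructed for illustration.

```python
import struct

TYPE_OPT = 41      # EDNS0 pseudo-RR (RFC 6891)
TC_FLAG = 0x0200   # header bit: response was truncated
DO_FLAG = 0x8000   # OPT flags bit: DNSSEC OK

def encode_name(qname):
    labels = [l for l in qname.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_message(qname, qtype, bufsize, do=True, flags=0, txid=0x1234):
    """Encode a one-question DNS message with an EDNS0 OPT record."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 1)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT: root owner, CLASS carries the UDP payload size, TTL carries the flags.
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, bufsize, DO_FLAG if do else 0, 0)
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer ends the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def edns_summary(msg):
    """Return (truncated, udp_payload_size, do_bit); size is None without OPT."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, size, do = 12, None, False
    for _ in range(qd):
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            size, do = rclass, bool(ttl & DO_FLAG)
    return bool(flags & TC_FLAG), size, do

# Constructed samples: a ". any" query advertising a 1280-byte buffer, and a
# truncated reply (QR | AA | TC set, no answer records) a server could return.
QUERY = build_message(".", 255, 1280)
TRUNCATED_REPLY = build_message(".", 255, 4096, flags=0x8000 | 0x0400 | TC_FLAG)
```

A client that sees the first element of `edns_summary()` come back true retries the same question over TCP.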