Re: [DNSOP] On resolver priming

Florian Weimer <fweimer@bfk.de> Tue, 16 November 2010 08:12 UTC

To: Paul Hoffman <paul.hoffman@vpnc.org>
References: <20101111100350.GA1997@shinkuro.com> <20101111184914.GA12031@DUL1MLARSON-M1.labs.vrsn.com> <p0624080fc902387a14c5@[130.129.37.235]>
From: Florian Weimer <fweimer@bfk.de>
Date: Tue, 16 Nov 2010 08:13:00 +0000
In-Reply-To: <p0624080fc902387a14c5@[130.129.37.235]> (Paul Hoffman's message of "Fri\, 12 Nov 2010 08\:32\:48 +0800")
Message-ID: <82wrodptyr.fsf@mid.bfk.de>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] On resolver priming

* Paul Hoffman:

> Conservative, yes; operationally prudent, no. This type of thing can
> be pre-tested fairly easily. For example, once .net starts signing,
> make a private signing of root-servers.net and hand it out to
> friends and family and watch for any anomalous results.

This is not sufficient because DNSSEC does not prescribe response
contents, so different (root) servers (instances) will generate
different responses from the same zone data, unless the specification
is tightened considerably.  In particular, such variation affects
response sizes, which used to be a primary concern during the DURZ
phase.

-- 
Florian Weimer                <fweimer@bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
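The size variation Florian describes, as an added illustration that is not part of this thread: the same ". IN NS" zone data is encoded into a wire-format priming response under several server inclusion policies (A glue only, A plus AAAA glue, an EDNS OPT record, an RRSIG over the NS RRset with a 1024- or 2048-bit signature), and the resulting byte counts differ while the zone data does not. Server names use the real root-servers.net labels, but the addresses are constructed documentation-range values and the RRSIG is a zero-filled placeholder of the stated length.

```python
import socket
import struct

# Constructed sample data (documentation-range addresses, not the real ones).
ROOT_SERVERS = [(f"{c}.root-servers.net.", f"192.0.2.{i + 1}", f"2001:db8::{i + 1}")
                for i, c in enumerate("abcdefghijklm")]

def encode_name(name, offsets, pos):
    """Encode a name at wire offset pos with RFC 1035 label compression."""
    labels = [lbl for lbl in name.rstrip(".").split(".") if lbl]
    out = b""
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in offsets:  # reuse an earlier copy of this suffix
            return out + struct.pack("!H", 0xC000 | offsets[suffix])
        if pos + len(out) < 0x3FFF:
            offsets[suffix] = pos + len(out)
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"

def add_rr(buf, offsets, name, rtype, rdata_fn):
    """Append one class-IN RR; rdata_fn receives the offset where RDATA starts."""
    buf += encode_name(name, offsets, len(buf))
    buf += struct.pack("!HHI", rtype, 1, 518400)
    rdata = rdata_fn(len(buf) + 2)  # RDATA follows the 2-byte RDLENGTH
    buf += struct.pack("!H", len(rdata)) + rdata

def priming_response(include_aaaa=False, rrsig_len=0, edns=False):
    """Wire-format answer to '. IN NS' under one server inclusion policy."""
    buf, offsets = bytearray(12), {}  # header counts are filled in at the end
    buf += encode_name(".", offsets, 12) + struct.pack("!HH", 2, 1)  # question
    ancount = adcount = 0
    for host, _, _ in ROOT_SERVERS:  # NS RRset in the answer section
        add_rr(buf, offsets, ".", 2, lambda p, h=host: encode_name(h, offsets, p))
        ancount += 1
    if rrsig_len:  # RRSIG over the NS RRset: 18 fixed bytes, signer ".", zero-filled placeholder signature
        sig = struct.pack("!HBBIIIH", 2, 8, 0, 518400, 0, 0, 0) + b"\x00" + bytes(rrsig_len)
        add_rr(buf, offsets, ".", 46, lambda p: sig)
        ancount += 1
    for host, a4, a6 in ROOT_SERVERS:  # glue in the additional section
        add_rr(buf, offsets, host, 1, lambda p, a=a4: socket.inet_pton(socket.AF_INET, a))
        adcount += 1
        if include_aaaa:
            add_rr(buf, offsets, host, 28, lambda p, a=a6: socket.inet_pton(socket.AF_INET6, a))
            adcount += 1
    if edns:  # OPT pseudo-RR advertising a 4096-byte UDP payload, no options
        buf += b"\x00" + struct.pack("!HHIH", 41, 4096, 0, 0)
        adcount += 1
    struct.pack_into("!HHHHHH", buf, 0, 0x1234, 0x8400, 1, ancount, 0, adcount)
    return bytes(buf)
```

Comparing `len(priming_response(...))` across policies shows which combinations stay under a given UDP payload limit; the A-only form fits in 512 bytes, the AAAA and signed forms do not.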