On Jun 24, 2013, at 10:11 AM, Ben Laurie <[email protected]> wrote:

> I didn't respond to this at the time, because I wanted numbers rather
> than handwaving. Now I have some numbers. :-)
>
> Our experience is that ~4% of clients cannot retrieve arbitrary DNSSEC
> records from their configured resolver. Independently, we have
> surveyed the ability of clients to contact Google on port 53 (i.e. I
> don't know how these numbers relate to the 4% but clearly the
> prognosis is not good): ~13% of the time, UDP doesn't work, and ~60%
> of the time TCP doesn't work.
>
> I think this effectively rules out any reliance on DNS, leaving aside
> all other considerations.

Ben,

We could have a long philosophical debate on that last statement, e.g. on whether innovation on the core of the Internet is still possible, but that is likely to be out of scope for this list. ;-)

The reason for this reply is about the numbers you report. I am not doubting those; at first sight they seem plausible. However, I would like to see a more detailed description of measurement methodology and an explanation of the effects causing this. Will there be a paper forthcoming?

I am specifically interested in possible workarounds around the blockage; that would be valuable input to some of the last-mile work Labs is interested in.

--Olaf

________________________________
"When you're NAT on the net, you're NOT on the net" -- Hugh Daniel
_______________________
Olaf Kolkman -- NLnet Labs
http://www.nlnetlabs.nl/

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
