> Mark Andrews wrote:
>
> >>Considering that two RRs each containing 2048 bit data will need
> >>oversized messages, they may not be properly treated by some
> >>servers.
> >>
> >>Those suffering from oversized messages may turn-off DNSSEC and there
> >> is instability for those moving with their laptops.
>
> > And how is this different from the answers from TLDs which
> > have already turned on DNSSEC?
>
> Though I never said answers from root servers is oversized,
> if some server under such TLD generates oversized messages,
> there should be instability observed.
>
> Masataka Ohta
Define oversized?
A referral to the COM servers already exceeds 512 octets.
Lots of EDNS answers already result in fragmented responses.
Lots of EDNS answers already exceed 2K.
There are a few EDNS answers which even set TC.
I fail to see how turning on DNSSEC at the root will change
anything significant with respect to responses sizes which
is not already highly visible elsewhere in the DNS.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
