> Mark Andrews wrote: > > >>Considering that two RRs each containing 2048 bit data will need > >>oversized messages, they may not be properly treated by some > >>servers. > >> > >>Those suffering from oversized messages may turn-off DNSSEC and there > >> is instability for those moving with their laptops. > > > And how is this different from the answers from TLDs which > > have already turned on DNSSEC? > > Though I never said answers from root servers is oversized, > if some server under such TLD generates oversized messages, > there should be instability observed. > > Masataka Ohta
Define oversized? A referral to the COM servers already exceeds 512 octets. Lots of EDNS answers already result in fragmented responses. Lots of EDNS answers already exceed 2K. There are a few EDNS answers which even set TC. I fail to see how turning on DNSSEC at the root will change anything significant with respect to responses sizes which is not already highly visible elsewhere in the DNS. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED] _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop