On Wed, Nov 04, 2009 at 11:09:53AM -0800, Nicholas Weaver wrote:
> Question: Have people been able to estimate how large the signed root
> zone response will be?
>
> I'm assuming it's below the magic 1500B level for standard queries. Is
> this correct?
>
> Oh, and one thing to watch out for: Some IP stacks I've noticed will
> set DF on UDP datagrams, if the datagram is too small to require
> fragmentation onto the local network!
>
> Add this to the list of things DNS operators need to watch out for
> when turning on DNSSEC.
>
> _______________________________________________
> DNSOP mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dnsop
David Conrad, ICANN maven and one-time IANA manager, posted some numbers
from their DNSSEC testbed a month or so back. Responses were just under
1800 bytes.
The current deployment plan is to stage things to push out large
responses early - prior to having any actual DNSSEC usable data ...
ostensibly to flush out DNSmtu problems.
--bill