On Nov 4, 2009, at 3:02 PM, David Conrad wrote:
[namedroppers dropped as this felt more operational to me] On Nov 4, 2009, at 11:09 AM, Nicholas Weaver wrote:Question: Have people been able to estimate how large the signed root zone response will be?Response to what? Using the current IANA 'normal root servers' testbed:% dig +bufsize=4096 +dnssec @root.iana.org . ns | grep rcvd ;; MSG SIZE rcvd: 801 % dig +bufsize=4096 +dnssec @root.iana.org . soa | grep rcvd ;; MSG SIZE rcvd: 1016 % dig +bufsize=4096 +dnssec @root.iana.org . rrsig | grep rcvd ;; MSG SIZE rcvd: 2005 % dig +bufsize=4096 +dnssec @root.iana.org x a | grep rcvd ;; MSG SIZE rcvd: 639
I actually researched this, and need to spend some time cleaning up the report before posting it to this list. But the bottom line is that yes, all responses save a few at the apex of root are below 1500b (actually, below 1100b). The responses that are larger are ". rrsig" and ". any" (and ". dnskey" if minimal dnskey responses aren't used). ". any" is the only one that would actually set TC if, say, the advertised buffer size were set to 1280.
-- David Blacka <[email protected]> Sr. Engineer VeriSign Platform Product Development
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
