On Wed, Nov 4, 2009 at 12:04 PM, David Conrad <[email protected]> wrote: > On Nov 4, 2009, at 11:41 AM, Matthew Dempsky wrote: >> On Wed, Nov 4, 2009 at 11:26 AM, <[email protected]> wrote: >>> The current deployment plan is to stage things to push out large >>> responses >>> early - prior to having any actual DNSSEC usable data ... ostensibly >>> to >>> flush out DNSmtu problems. >> >> Is this plan to push out large responses indiscriminately, or only in >> response to queries with DO=1? > > We're not planning on breaking the DNS protocol. DNSSEC responses will only > be provided if DO=1 (currently about 70% of the queries hitting the root have > DO=1).
I'd appreciate if someone could clarify what the "large responses" that will preexist "actual DNSSEC usable data" that Bill Manning is referring to are. It's unclear to me whether it's still technically DNSSEC data and hence would require a client to send DO=1, or if it will be something like large additional section TXT records or just trailing bytes. _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
