On Nov 10, 2009, at 10:42 PM, George Michaelson wrote: > On 11/11/2009, at 3:29 PM, Duane Wessels wrote: >> On Wed, 4 Nov 2009, Nicholas Weaver wrote: >> >>> Also, has someone done a study what the major recursive resolvers do on >>> response failures from a root? Do they go to another first or do they try >>> a smaller EDNS MTU? >> >> I gave a presentation on this at the DNS-OARC meeting last week: >> >> https://www.dns-oarc.net/files/workshop-200911/Duane_Wessels.pdf >> >> I was only able to test BIND (9.4.3) and Unbound (1.3.3) before the >> workshop. >> >> I've since learned that since my graphs only show 7 seconds after >> the initial query, it misses Unbound's fallback to TCP, which >> takes longer than that. > > Great presentation.
A strong second, and many thanks for posting this. The only other thing which needs to be added is understanding what happens at the 1500B MTU point rather than the 512B point (increase key size and/or record count to hit), since our early testing with Netalyzr showed that its the 1500B boundary that is the big problem for most recursive resolvers, due to firewall rules and similar that can't handle UDP fragments. _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
