> On Jan 23, 2016, at 2:25 PM, Matthäus Wander <[email protected]> > wrote: > > > There's another issue: once root-servers.net is signed, the priming > response will contain RRSIG in the ADDITIONAL section.
Indeed. According to my simple test if root-servers.net is signed (the same way as the root zone), the response size jumps quite a bit: EDNS0? UDPsize DO= RSN signed? resp size ------ ------- --- ----------- --------- n - - n 492-512 y 4096 0 n 755 y 4096 1 n 913 y 8192 1 y 4081 And these sizes could increase if two remaining letters decide to add AAAA records. DW _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
