--- Begin Message ---
Robert Edmonds wrote on 2023-07-20 14:50:
Mark Andrews wrote:
...
Yes, there are lookups that can take a long time to perform with a cold
cache. By putting lots of users behind large, centralized caches we can
insulate users from a lot of cold cache lookups, but these
Mark Andrews wrote:
> Lookups take enormous numbers of queries these days. A support customer
> was asking why a lookup wasn’t completing within 3 seconds. The resolution
> process took 48 queries with a cold cache. Involved several CDNs and required
> fetching nameserver addresses in several
On a similar issue, why aren’t the root servers all implementing DNS COOKIES as
it provides clients protection from spoofed referrals?
--
Mark Andrews
> On 21 Jul 2023, at 03:16, David Conrad wrote:
>
> Hi,
>
>> On Jul 20, 2023, at 7:29 AM, Viktor Dukhovni wrote:
>> Finally, for the RSAC
Hi,
On Jul 20, 2023, at 7:29 AM, Viktor Dukhovni wrote:
> Finally, for the RSAC (yes not the right forum to formally lodge the
> question), should the root zone DS TTL still be 1 day? Would a change
> to one hour be acceptable (aligning with it with the practice of many
> TLDs and aiding in
On Thu, Jul 20, 2023 at 07:25:17AM -0400, Hugo Salgado wrote:
> They are aware and working on this. Thanks!
The final working state is still somewhat suboptimal:
- The KSKs are 4096 bit RSA. This is pointless, the DS RRset from
the root is signed with a 2048-bit RSA key. The additional bits
On Thu, Jul 20, 2023 at 07:25:17AM -0400,
Hugo Salgado wrote
a message of 148 lines which said:
> They are aware and working on this. Thanks!
It works now.
$ dig NS ve
; <<>> DiG 9.18.14 <<>> NS ve
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
They are aware and working on this. Thanks!
Hugo
On July 20, 2023 3:40:06 AM GMT-04:00, Stephane Bortzmeyer
wrote:
>On Thu, Jul 20, 2023 at 09:37:10AM +0200,
> Stephane Bortzmeyer wrote
> a message of 6 lines which said:
>
>> https://dnsviz.net/d/ve/ZLjinw/dnssec/
>>
>> The DS goes to a
It looks like one of the USGBKR cases...
cf. https://lists.dns-oarc.net/pipermail/dns-operations/2014-March/011399.html
Before: https://dnsviz.net/d/ve/ZLZ8ng/dnssec/
After: https://dnsviz.net/d/ve/ZLjinw/dnssec/
-- Yasuhiro Orange Morishita
From: Stephane Bortzmeyer
Subject: [dns-operations]
Hi Stephane,
I just sent them (nic.ve) an email from non-validating resolver.
I hope they'll able to check emails.
--
Benjamin Farine
On 20/07/2023, 09:47, "dns-operations on behalf of Stephane Bortzmeyer"
mailto:dns-operations-boun...@dns-oarc.net> on behalf of bortzme...@nic.fr
On Thu, Jul 20, 2023 at 09:37:10AM +0200,
Stephane Bortzmeyer wrote
a message of 6 lines which said:
> https://dnsviz.net/d/ve/ZLjinw/dnssec/
>
> The DS goes to a key which does not sign (and there is no DS for the
> key which is actually signing.)
Any contact not in .ve to tell them? My
https://dnsviz.net/d/ve/ZLjinw/dnssec/
The DS goes to a key which does not sign (and there is no DS for the
key which is actually signing.)
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
11 matches
Mail list logo