RE: Preparing for upcoming DNSSEC changes on 5/5

On May 5 2010, Lightner, Jeff wrote: 8:30 EDT 05/05/2010 and the world hasn't ended here yet. The switchover of j.root-servers.net to "DURZ" is scheduled for 17:00-19:00 UTC (see http://www.root-dnssec.org/ - or just try "dig dnskey . @j.root-servers.net"). We aren't there yet ... We can cel

Re: Preparing for upcoming DNSSEC changes on 5/5

On 5/5/2010 1:32 PM, Lightner, Jeff wrote: > 8:30 EDT 05/05/2010 and the world hasn't ended here yet. > > We can celebrate Cinco de Mayo in peace. If only I didn't detest > tequila. > > Side note: I've actually been to Puebla Mexico which is where the > battle that Cinco de Mayo commemorates to

RE: Preparing for upcoming DNSSEC changes on 5/5

rom: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Laws, Peter C. Sent: Tuesday, May 04, 2010 6:09 PM To: bind-us...@isc.org Subject: RE: Preparing for upcoming DNSSEC changes on 5/5 > It may be the person that su

RE: Preparing for upcoming DNSSEC changes on 5/5

> It may be the person that suggested setting it was under the > misapprehension that the two values would be the same but the quote from > the Java testing tool made it clear that is NOT the case. I think this is it exactly. But someone in the thread seemed pretty certain that we needed to set

RE: Preparing for upcoming DNSSEC changes on 5/5

rk Andrews Sent: Tuesday, May 04, 2010 12:01 AM To: Laws, Peter C. Cc: bind-us...@isc.org Subject: Re: Preparing for upcoming DNSSEC changes on 5/5 In message <789398ea51916246a8016370ebc0231f0f3...@it-rome.sooner.net.ou.edu>, "Laws, Peter C." writes: > Yes, I get all that. But e

Re: Preparing for upcoming DNSSEC changes on 5/5

In message <789398ea51916246a8016370ebc0231f0f3...@it-rome.sooner.net.ou.edu>, "Laws, Peter C." writes: > Yes, I get all that. But earlier in the thread, I noted that: > > "Mine are all saying "x.x.x.x sent EDNS buffer size 4096" when I run the > dns-oarc.net test, which I assume is the defau

RE: Preparing for upcoming DNSSEC changes on 5/5

t: Monday, May 03, 2010 20:19 To: Laws, Peter C. Cc: bind-us...@isc.org Subject: Re: Preparing for upcoming DNSSEC changes on 5/5 In message <4bdf4b79.4050...@ou.edu>, Peter Laws writes: > On 05/03/10 16:19, Mark Andrews wrote: > > > The test is a rough guide to the maximum packe

Re: Preparing for upcoming DNSSEC changes on 5/5

In message <4bdf4b79.4050...@ou.edu>, Peter Laws writes: > On 05/03/10 16:19, Mark Andrews wrote: > > > The test is a rough guide to the maximum packet size supported by the path. > > So what would be the point of using edns-udp-size to something even > smaller? None I can see ... > > What am

Re: Preparing for upcoming DNSSEC changes on 5/5

On 05/03/10 16:19, Mark Andrews wrote: The test is a rough guide to the maximum packet size supported by the path. So what would be the point of using edns-udp-size to something even smaller? None I can see ... What am I missing? -- Peter Laws / N5UWY National Weather Center / Network Op

Re: Preparing for upcoming DNSSEC changes on 5/5

In message <4bdf39f7.1060...@ou.edu>, Peter Laws writes: > On 05/03/10 15:55, Lightner, Jeff wrote: > > > > Also one of the links I sent earlier had a similar comment about less > > than 300 bytes difference not being a problem. I had missed that. > > > > 4096 - 3843 = 153 > > It seems if I'd p

Re: Preparing for upcoming DNSSEC changes on 5/5

On 05/03/10 15:55, Lightner, Jeff wrote: Also one of the links I sent earlier had a similar comment about less than 300 bytes difference not being a problem. I had missed that. 4096 - 3843 = 153 It seems if I'd paid attention I'd not have posted my follow up questions. It's not on the dns-o

RE: Preparing for upcoming DNSSEC changes on 5/5

age- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Peter Laws Sent: Monday, May 03, 2010 4:29 PM To: Kalman Feher Cc: bind-us...@isc.org Subject: Re: Preparing for upcoming DNSSEC changes on 5/5 On 05/03/10

Re: Preparing for upcoming DNSSEC changes on 5/5

On 05/03/10 14:56, Kalman Feher wrote: You probably should. Your resolver is saying its capable of handling 4096, but apparently your network path may not support that. The changes on the The network path to dns-oarc.net doesn't, but that doesn't really mean anything. To some resolvers, the

RE: Preparing for upcoming DNSSEC changes on 5/5

ghtner=water@lists.isc.org] On Behalf > Of Alan Clegg > Sent: Monday, May 03, 2010 12:23 PM > To: bind-users@lists.isc.org > Subject: Re: Preparing for upcoming DNSSEC changes on 5/5 > > On 5/3/2010 4:36 PM, Lightner, Jeff wrote: > >> It sounds as if he read an ar

RE: Preparing for upcoming DNSSEC changes on 5/5

Feher Sent: Monday, May 03, 2010 4:10 PM To: bind-us...@isc.org Subject: Re: Preparing for upcoming DNSSEC changes on 5/5 On 3/05/10 9:54 PM, "Lightner, Jeff" wrote: > On doing that however, I now see the advertised value is 3839 but the > "at least" value is 3828 on

Re: Preparing for upcoming DNSSEC changes on 5/5

On 3/05/10 9:54 PM, "Lightner, Jeff" wrote: > On doing that however, I now see the advertised value is 3839 but the > "at least" value is 3828 on one and 3827 on the other as shown below. > Based on that it appears one should NOT set the edns-udp-size as it > doesn't fix the problem. This appe

RE: Preparing for upcoming DNSSEC changes on 5/5

tner=water@lists.isc.org] On Behalf Of Peter Laws Sent: Monday, May 03, 2010 1:16 PM To: bind-us...@isc.org Subject: Re: Preparing for upcoming DNSSEC changes on 5/5 On 01/-10/37 13:59, Kalman Feher wrote: > > Second, make sure the tested effective size appears in your named.conf in > the

Re: Preparing for upcoming DNSSEC changes on 5/5

.org] On Behalf > Of Alan Clegg > Sent: Monday, May 03, 2010 12:23 PM > To: bind-users@lists.isc.org > Subject: Re: Preparing for upcoming DNSSEC changes on 5/5 > > On 5/3/2010 4:36 PM, Lightner, Jeff wrote: > >> It sounds as if he read an article saying we have to implem

RE: Preparing for upcoming DNSSEC changes on 5/5

ere other testing I need to do? -Original Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Alan Clegg Sent: Monday, May 03, 2010 12:23 PM To: bind-users@lists.isc.org Subject: Re: Preparing for upcoming DNSSEC

Re: Preparing for upcoming DNSSEC changes on 5/5

On 01/-10/37 13:59, Kalman Feher wrote: Second, make sure the tested effective size appears in your named.conf in the options statement "edns-udp-size" on your resolver. In your case: edns-udp-size 3843; Mine are all saying "x.x.x.x sent EDNS buffer size 4096" when I run the dns-oarc.net

Re: Preparing for upcoming DNSSEC changes on 5/5

On 5/3/2010 4:36 PM, Lightner, Jeff wrote: > It sounds as if he read an article saying we have to implement DNSSEC on > our DNS servers or we'll quit working on 5/5? Is that the case? > > Also what is the drop dead date/time if so? 5/5 Midnight UTC? Some > other time? You don't need to do any

RE: Preparing for upcoming DNSSEC changes on 5/5

riginal Message- From: bind-users-bounces+jlightner=water@lists.isc.org [mailto:bind-users-bounces+jlightner=water@lists.isc.org] On Behalf Of Kalman Feher Sent: Monday, May 03, 2010 9:38 AM To: BIND users Subject: Re: Preparing for upcoming DNSSEC changes on 5/5 On 1/05/10 7:10 PM, "

Re: Preparing for upcoming DNSSEC changes on 5/5

On 1/05/10 7:10 PM, "Server Administrator" wrote: > I tried OARC's DNS Reply Size Test on two of my name servers, both on > the same network, behind the same firewall & router. > > Both came back and reported "DNS reply size limit is at least 3843" > (results below). > > Is 3843 close enough

Re: Preparing for upcoming DNSSEC changes on 5/5

On Sat, 2010-05-01 at 13:10 -0400, Server Administrator wrote: > I tried OARC's DNS Reply Size Test on two of my name servers, both on > the same network, behind the same firewall & router. > > Both came back and reported "DNS reply size limit is at least 3843" > (results below). > I'd image s