[DNSOP] Adoption of

2009-11-11 Thread Peter Koch
Dear WG, during the session on Wednesday, the authors of DNSSEC Signing Policy & Practice Statement Framework asked for the adoption of the draft as a working group item. The sense of the room was in favour o

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

2009-11-11 Thread Duane Wessels
On Wed, 11 Nov 2009, Florian Weimer wrote: Have you installed any trust anchors in the resolver? (I don't think so, the packet numbers are a bit on the lower side for that.) I didn't. I was mostly interested in the "DURZ" case where the root zone becomes signed but people aren't configurin

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

2009-11-11 Thread Duane Wessels
On Wed, 4 Nov 2009, Nicholas Weaver wrote: Also, has someone done a study what the major recursive resolvers do on response failures from a root? Do they go to another first or do they try a smaller EDNS MTU? I gave a presentation on this at the DNS-OARC meeting last week: https://www.dns

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

2009-11-11 Thread George Michaelson
On 11/11/2009, at 3:29 PM, Duane Wessels wrote: > > > On Wed, 4 Nov 2009, Nicholas Weaver wrote: > >> Also, has someone done a study what the major recursive resolvers do on >> response failures from a root? Do they go to another first or do they try a >> smaller EDNS MTU? > > I gave a pre

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

2009-11-11 Thread Nicholas Weaver
On Nov 10, 2009, at 10:42 PM, George Michaelson wrote: > On 11/11/2009, at 3:29 PM, Duane Wessels wrote: >> On Wed, 4 Nov 2009, Nicholas Weaver wrote: >> >>> Also, has someone done a study what the major recursive resolvers do on >>> response failures from a root? Do they go to another first or

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

2009-11-11 Thread Florian Weimer
* Duane Wessels: > On Wed, 4 Nov 2009, Nicholas Weaver wrote: > >> Also, has someone done a study what the major recursive resolvers do >> on response failures from a root? Do they go to another first or do >> they try a smaller EDNS MTU? > > I gave a presentation on this at the DNS-OARC meeting

[DNSOP] what i said at the mic (re: dnssec-key-timing)

2009-11-11 Thread Jelte Jansen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, the slide that mentioned algorithm rollover mentioned it at a diagram of double-signature rolls, which will probably not be sufficient for that, see http://tools.ietf.org/html/draft-ietf-dnsop-rfc4641bis-01#section-4.2.4 (btw i agree with olaf t