- Original Message -
From: "Olafur Gudmundsson"
To:
Sent: Wednesday, January 13, 2010 6:19 PM
Subject: [DNSOP] Priming query transport selection
> 26 signed glue records will require about 5K answer if each RRSet is
> signed by a single 1024 bit RSA key.
> This will never fit into an
Attn: TSVWG Working Group, DNSOPS Working Group and APPS AREA Working Group
There is a new version of the Internet Assigned Numbers Authority (IANA)
Procedures for the Management
of the Transport Protocol Port Number and Service Name Registry document:
draft-ietf-tsvwg-iana-ports-04.txt
Please
* Jim Reid:
> On 15 Jan 2010, at 13:20, Florian Weimer wrote:
>
>> DO is rather pointless because the priming response cannot be
>> validated anyway (even if ROOT-SERVERS.NET were secure, which is
>> currently not planned).
>
> It's not pointless. Validating the priming response requires two
> ope
On 15 Jan 2010, at 13:20, Florian Weimer wrote:
DO is rather pointless because the priming response cannot be
validated anyway (even if ROOT-SERVERS.NET were secure, which is
currently not planned).
It's not pointless. Validating the priming response requires two
operations. The first of the
* Jim Reid:
> The preferred approach might probably be along these lines:
> [1] EDNS0 + DO with a buffer of 5-8K (ish)
> [2] TCP + DO when [1] fails
> [3] EDNS0 + DO + 1.5K (ish) buffer if [2] fails
> [4] EDNS0 (no DO) with a 1.5K (ish) buffer
> [5] Vanilla UDP (no ED
Olafur Gudmundsson writes:
> Proposed replacement text:
> A priming query MUST use a QNAME of "." and a QTYPE of NS, QCLASS of IN,
> with RD bit set to 0, the source port of the query should be randomly
> selected [RFC5452].
> A DNSSEC aware resolver SHOULD send the priming query over
> The text in RFC 2671, presented as a hint, could lead to similar issues
> with the TCP transport for DNS (working to change SHOULD for MUST).
Can you elaborate on what you mean?
I presume you're aware of my draft-ietf-dnsext-dns-tcp-requirements ?
> From BIND ARM 9.7.0
>
> ---