Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

On Wed, 11 Nov 2009, Florian Weimer wrote: Have you installed any trust anchors in the resolver? (I don't think so, the packet numbers are a bit on the lower side for that.) I didn't. I was mostly interested in the "DURZ" case where the root zone becomes signed but people aren't configurin

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

On Wed, 4 Nov 2009, Nicholas Weaver wrote: Also, has someone done a study what the major recursive resolvers do on response failures from a root? Do they go to another first or do they try a smaller EDNS MTU? I gave a presentation on this at the DNS-OARC meeting last week: https://www.dns

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

On 11/11/2009, at 3:29 PM, Duane Wessels wrote: > > > On Wed, 4 Nov 2009, Nicholas Weaver wrote: > >> Also, has someone done a study what the major recursive resolvers do on >> response failures from a root? Do they go to another first or do they try a >> smaller EDNS MTU? > > I gave a pre

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

On Nov 10, 2009, at 10:42 PM, George Michaelson wrote: > On 11/11/2009, at 3:29 PM, Duane Wessels wrote: >> On Wed, 4 Nov 2009, Nicholas Weaver wrote: >> >>> Also, has someone done a study what the major recursive resolvers do on >>> response failures from a root? Do they go to another first or

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

* Duane Wessels: > On Wed, 4 Nov 2009, Nicholas Weaver wrote: > >> Also, has someone done a study what the major recursive resolvers do >> on response failures from a root? Do they go to another first or do >> they try a smaller EDNS MTU? > > I gave a presentation on this at the DNS-OARC meeting

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

On 11/11/2009, at 3:29 PM, Duane Wessels wrote: > > > On Wed, 4 Nov 2009, Nicholas Weaver wrote: > >> Also, has someone done a study what the major recursive resolvers do on >> response failures from a root? Do they go to another first or do they try a >> smaller EDNS MTU? > > I gave a pre

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

Matthew, On Nov 4, 2009, at 1:45 PM, Matthew Dempsky wrote: > On Wed, Nov 4, 2009 at 12:04 PM, David Conrad wrote: >> On Nov 4, 2009, at 11:41 AM, Matthew Dempsky wrote: >>> On Wed, Nov 4, 2009 at 11:26 AM, wrote: The current deployment plan is to stage things to push out large

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

On 5/11/2009, at 10:45 AM, Matthew Dempsky wrote: I'd appreciate if someone could clarify what the "large responses" that will preexist "actual DNSSEC usable data" that Bill Manning is referring to are. It's unclear to me whether it's still technically DNSSEC data and hence would require a cli

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

On Wed, Nov 4, 2009 at 12:04 PM, David Conrad wrote: > On Nov 4, 2009, at 11:41 AM, Matthew Dempsky wrote: >> On Wed, Nov 4, 2009 at 11:26 AM,   wrote: >>>        The current deployment plan is to stage things to push out large >>> responses >>>        early - prior to having any actual DNSSEC us

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

On Wed, Nov 4, 2009 at 11:26 AM, wrote: >        The current deployment plan is to stage things to push out large > responses >        early - prior to having any actual DNSSEC usable data ... ostensibly to >        flush out DNSmtu problems. Is this plan to push out large responses indiscrimin

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

In message , Nicholas W eaver writes: > > On Nov 4, 2009, at 11:41 AM, Matthew Dempsky wrote: > > > On Wed, Nov 4, 2009 at 11:26 AM, > > wrote: > >>The current deployment plan is to stage things to push out > >> large responses > >>early - prior to having any actual DNSSEC

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

* Nicholas Weaver: > Also, has someone done a study what the major recursive resolvers do > on response failures from a root? Do they go to another first or do > they try a smaller EDNS MTU? Note that switching seems beneficial because six roots MTUs clearly support MTUs less than 1500, and seve

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

* Matthew Dempsky: > On Wed, Nov 4, 2009 at 11:26 AM, wrote: >>        The current deployment plan is to stage things to push out large >> responses >>        early - prior to having any actual DNSSEC usable data ... ostensibly >> to >>        flush out DNSmtu problems. > > Is this plan to pus

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

On Nov 4, 2009, at 11:41 AM, Matthew Dempsky wrote: > On Wed, Nov 4, 2009 at 11:26 AM, wrote: >>The current deployment plan is to stage things to push out large >> responses >>early - prior to having any actual DNSSEC usable data ... ostensibly >> to >>flush out DNSmtu p

Re: [DNSOP] [dnsext] Re: Computerworld apparently has changed DNS protocol

On Nov 4, 2009, at 11:41 AM, Matthew Dempsky wrote: On Wed, Nov 4, 2009 at 11:26 AM, wrote: The current deployment plan is to stage things to push out large responses early - prior to having any actual DNSSEC usable data ... ostensibly to flush out DNSmtu problems.