[dns-operations] Some DNSSEC trivia
Paul Vixie
paul at vix.com
Wed Jan 9 19:37:41 UTC 2008
> > Please add "4096 Byte EDNS0 UDP Queries".
>
> As MUST or MUST NOT? It's not clear to me if large UDP packet support
> beyond the de-facto Internet MTU is a good idea due to the traffic
> amplification issue.

is this a general principle (there should be no asymmetrically sized UDP
flows due to lack of worldwide BCP38 deployment) or is it specific to DNS?

> I'd rather see that servers respond to 53/TCP in all cases. That way,
> a resolver which detects that it's under a spoofing attack can fall
> back to TCP, hopefully relying on the somewhat stronger TCP sequence
> numbers.

there's just no way to meet the transaction rate requirements, even with
TTCP if that were universally deployed. state is the enemy of scale.