[dns-operations] Some DNSSEC trivia

Paul Vixie paul at vix.com
Wed Jan 9 19:37:41 UTC 2008

> > Please add "4096 Byte EDNS0 UDP Queries".
> As MUST or MUST NOT?  It's not clear to me if large UDP packet support
> beyond the de-facto Internet MTU is a good idea due to the traffic
> amplification issue.

is this a general principle (there should be no asymmetrically sized UDP
flows due to lack of worldwide BCP38 deployment) or is it specific to DNS?

> I'd rather see that servers respond to 53/TCP in all cases.  That way,
> a resolver which detects that it's under a spoofing attack can fall
> back to TCP, hopefully relying on the somewhat stronger TCP sequence
> numbers.

there's just no way to meet the transaction rate requirements, even with
TTCP if that were universally deployed.  state is the enemy of scale.

More information about the dns-operations mailing list