[dns-operations] Some DNSSEC trivia
paul at vix.com
Wed Jan 9 19:37:41 UTC 2008
> > Please add "4096 Byte EDNS0 UDP Queries".

> As MUST or MUST NOT? It's not clear to me if large UDP packet support
> beyond the de-facto Internet MTU is a good idea due to the traffic
> amplification issue.

is this a general principle (there should be no asymmetrically sized UDP
flows due to lack of worldwide BCP38 deployment) or is it specific to DNS?

> I'd rather see that servers respond to 53/TCP in all cases. That way,
> a resolver which detects that it's under a spoofing attack can fall
> back to TCP, hopefully relying on the somewhat stronger TCP sequence

there's just no way to meet the transaction rate requirements, even with
TTCP if that were universally deployed. state is the enemy of scale.