[dns-operations] No public calendar for the root signingdeployment
bmanning at vacation.karoshi.com
bmanning at vacation.karoshi.com
Thu Dec 10 19:21:37 UTC 2009
On Thu, Dec 10, 2009 at 09:30:18AM -0800, Sam Norris wrote:
> >----- Original Message -----
> >From: "Paul Vixie" <vixie at isc.org>
> >i don't think that notifications coming from the internet operations
> >community are going to do much good. most udp/53 size limits are in boxes
> >whose owners do not understand these issues and would not recognize a
> >warning on this topic unless it came from their hardware/services vendor.
>
> is there a BCP about this topic we can direct vendors to?
no BCP... and not nearly enough time to get one out.
from my limited scope testing (from one root) there are
double-digit percentage of priming queries that will get
hit with this problem... I think parts of the internet
will go dark. I suspect that one reason the staged rollout
of a signed, but useless for DNSSEC purposes root zone prior
to a usable signed root zone is to flush out the extent of
this problem... but I'm just guessing here.
--bill
More information about the dns-operations
mailing list