[dns-operations] No public calendar for the root signing deployment
Sebastian Castro
sebastian at nzrs.net.nz
Mon Dec 14 21:25:48 UTC 2009
bmanning at vacation.karoshi.com wrote:
> On Thu, Dec 10, 2009 at 09:30:18AM -0800, Sam Norris wrote:
>>> ----- Original Message -----
>>> From: "Paul Vixie" <vixie at isc.org>
>>> i don't think that notifications coming from the internet operations
>>> community are going to do much good. most udp/53 size limits are in boxes
>>> whose owners do not understand these issues and would not recognize a
>>> warning on this topic unless it came from their hardware/services vendor.
>> is there a BCP about this topic we can direct vendors to?
>
> no BCP... and not nearly enough time to get one out.
> from my limited scope testing (from one root) there are
> double-digit percentage of priming queries that will get
> hit with this problem... I think parts of the internet
> will go dark. I suspect that one reason the staged rollout
> of a signed, but useless for DNSSEC purposes root zone prior
> to a usable signed root zone is to flush out the extent of
> this problem... but I'm just guessing here.
>
<hat type="caida">
If you can detail the methodology you used to get your numbers, I can
try to extend your scope by using the DITL 2009 data.
</hat>
I did some work finding evidence of EDNS fallback[1] in the root server
traces and found it was a very small percentage (0.44% of the total). Must
clarify I used a sample.
[1] EDNS fallback is the process of a client trying and retrying the
same query with EDNS enabled. After a number of retries, it drops the EDNS
support and the query is not seen again. We assume the retries are
caused by the client being unable to get a response.
Cheers
Sebastian
> --bill
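An added example, not part of the original message and not the author's analysis code: one way to flag the EDNS fallback pattern defined in footnote [1] in a query trace. The record layout, the minimum number of EDNS attempts and the retry window are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample trace: (timestamp_s, client_ip, qname, qtype, has_edns)
SAMPLE = [
    (0.0, "192.0.2.10", ".", "NS", True),
    (2.0, "192.0.2.10", ".", "NS", True),
    (4.0, "192.0.2.10", ".", "NS", True),
    (6.0, "192.0.2.10", ".", "NS", False),             # EDNS dropped, then silence
    (0.5, "198.51.100.7", "example.com.", "A", True),  # single query, no retries
    (1.0, "203.0.113.5", "example.org.", "MX", True),
    (3.0, "203.0.113.5", "example.org.", "MX", True),  # retries, but EDNS never dropped
    (5.0, "203.0.113.5", "example.org.", "MX", True),
    (1.0, "192.0.2.99", "example.net.", "A", False),   # never used EDNS
    (9.0, "192.0.2.99", "example.net.", "AAAA", False),
]

MIN_EDNS_ATTEMPTS = 2   # assumption: original query plus at least one retry
RETRY_WINDOW_S = 30.0   # assumption: largest gap still counted as a retry


def find_edns_fallback(records, min_attempts=MIN_EDNS_ATTEMPTS,
                       window=RETRY_WINDOW_S):
    """Return {(client, qname, qtype): query_count} for sequences that look
    like EDNS fallback: repeated EDNS queries, then one final non-EDNS query
    after which the same query is not seen again in the trace."""
    by_key = defaultdict(list)
    for ts, client, qname, qtype, edns in records:
        by_key[(client, qname.lower(), qtype)].append((ts, edns))

    hits = {}
    for key, seq in by_key.items():
        seq.sort()
        flags = [edns for _, edns in seq]
        gaps_ok = all(b[0] - a[0] <= window for a, b in zip(seq, seq[1:]))
        edns_run = flags[:-1]
        if (gaps_ok and len(edns_run) >= min_attempts
                and all(edns_run) and not flags[-1]):
            hits[key] = len(seq)
    return hits


def fallback_share(records, **kwargs):
    """Share of all queries in the trace that belong to a fallback sequence."""
    hits = find_edns_fallback(records, **kwargs)
    return sum(hits.values()) / len(records) if records else 0.0


if __name__ == "__main__":
    print(find_edns_fallback(SAMPLE), fallback_share(SAMPLE))
```
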