[dns-operations] wrapup of fragmentation/do/tcp discussion requested

Patrik Fältström patrik at frobbit.se
Sun Jun 21 17:22:30 UTC 2009

On 21 jun 2009, at 12.49, bert hubert wrote:

> Was .se immune because it does not do NSEC3?

What I have seen in the case of .SE is similar to what I saw when for  
example yahoo.com started to have response sizes larger than 512  
bytes, that EDNS0 is really necessary. I have not seen any problems in  
Sweden in reality what some "theoretical" discussions on this list  
refer to regarding size issues.

This is why I have asked a few times what issues people _really_ see  
with the size. I have still not understood. Is it that deployed  
hardware do throw away fragmented packets, that fragmentation does not  
happen, or ...

The only thing I can not have seen, even if it "would be a problem"  
would be the backoff to TCP in the case of a truncated response. I am  
not sitting with data from such servers so that I can respond. Other  
people on this list can say whether that has been a problem or not.

What has been much more complicated is the sync:ing of keys between  
parent and child zones, i.e. keeping the DS up to date.


More information about the dns-operations mailing list