[dns-operations] wrapup of fragmentation/do/tcp discussion requested
Patrik Fältström
patrik at frobbit.se
Sun Jun 21 17:22:30 UTC 2009
On 21 jun 2009, at 12.49, bert hubert wrote:
> Was .se immune because it does not do NSEC3?
What I have seen in the case of .SE is similar to what I saw when for
example yahoo.com started to have response sizes larger than 512
bytes, that EDNS0 is really necessary. I have not seen any problems in
Sweden in reality what some "theoretical" discussions on this list
refer to regarding size issues.
This is why I have asked a few times what issues people _really_ see
with the size. I have still not understood. Is it that deployed
hardware do throw away fragmented packets, that fragmentation does not
happen, or ...
The only thing I can not have seen, even if it "would be a problem"
would be the backoff to TCP in the case of a truncated response. I am
not sitting with data from such servers so that I can respond. Other
people on this list can say whether that has been a problem or not.
What has been much more complicated is the sync:ing of keys between
parent and child zones, i.e. keeping the DS up to date.
Patrik
More information about the dns-operations
mailing list