[dns-operations] wrapup of fragmentation/do/tcp discussionrequested
george.barwood at blueyonder.co.uk
Mon Jun 22 08:48:14 UTC 2009
----- Original Message -----
From: "David Conrad" <drc at virtualized.org>
> DNSSEC over TCP is always acceptable (or should be), albeit it should
> be avoided if possible due to the increased load it places on
> authoritative servers. In most cases, that additional load is
> irrelevant. However, in the case of the root servers, it is a bit
I think the root server case is not the same, because the root will be NSEC rather than NSEC3,
which means that normal referrals will not be truncated, although the a fairly severe reduction
in glue can happen, e.g.
dig com @ns.iana.org +dnssec +bufsize=512
yields just 2 A records and one AAAA record. Unclear whether this is a problem.
More information about the dns-operations