[dns-operations] wrapup of fragmentation/do/tcp discussionrequested

George Barwood george.barwood at blueyonder.co.uk
Mon Jun 22 08:48:14 UTC 2009

----- Original Message ----- 
From: "David Conrad" <drc at virtualized.org>

> DNSSEC over TCP is always acceptable (or should be), albeit it should  
> be avoided if possible due to the increased load it places on  
> authoritative servers.  In most cases, that additional load is  
> irrelevant.  However, in the case of the root servers, it is a bit  
> worrisome.

I think the root server case is not the same, because the root will be NSEC rather than NSEC3,
which means that normal referrals will not be truncated, although the a fairly severe reduction
in glue can happen, e.g.

dig com @ns.iana.org +dnssec +bufsize=512

yields just 2 A records and one AAAA record. Unclear whether this is a problem.

More information about the dns-operations mailing list