[dns-operations] The possible problems after May 5th
Mark Andrews
marka at isc.org
Thu Apr 8 00:21:33 UTC 2010
In message <20100407194355.GA21120 at laperouse.bortzmeyer.org>, Stephane Bortzmeyer writes:
> Since my employer warned network administrators about possible
> consequences of the root signing
> <http://www.afnic.fr/actu/nouvelles/240/afnic-invites-network-managers-to-prepare-for-the-signing-of-the-dns-root-in-may-2010>,
> I received several requests from people asking under which conditions
> exactly will things break when the last root name server will serve
> DNSSEC data.
If you block DNS over TCP then some lookups are likely to break,
especially so if you also block UDP DNS packets bigger than 512
bytes or you block IP fragments, as both of these increase the
likelihood of TCP use.

If you block UDP DNS packets bigger than 512 bytes then DNS lookups
will be slower than they should be.

If you block IP fragments then some DNS lookups will be slower than
they should be.
> It helped me to write it as pseudo-code so I post the results of my
> thoughts here:
>
> http://www.bortzmeyer.org/files/dns-size-pseudocode.txt
>
> Comments and criticisms welcome.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
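
The three conditions in the reply above, as a simplified model of a resolver falling back from EDNS0 UDP to TCP. This is an added example, not code from the post or from the linked pseudocode. The `Path` class, the 1472-byte unfragmented payload (1500-byte MTU over IPv4) and the 4096-byte EDNS buffer size are assumptions, and real resolvers differ in their retry details.

```python
from dataclasses import dataclass

@dataclass
class Path:
    """Constructed model of what a filter between resolver and server lets through."""
    tcp_ok: bool = True        # DNS over TCP passes
    big_udp_ok: bool = True    # UDP DNS packets bigger than 512 bytes pass
    fragments_ok: bool = True  # IP fragments pass

CLASSIC_LIMIT = 512   # largest UDP DNS message without EDNS0
MTU_PAYLOAD = 1472    # assumption: 1500-byte MTU minus IPv4 (20) and UDP (8) headers

def udp_delivers(size, path):
    """Would a UDP response of `size` bytes reach the resolver on this path?"""
    if size > CLASSIC_LIMIT and not path.big_udp_ok:
        return False
    if size > MTU_PAYLOAD and not path.fragments_ok:
        return False  # response needs fragmenting and the fragments are dropped
    return True

def lookup(response_size, path, edns_bufsize=4096):
    """Return (outcome, steps): 'ok', 'slow' (a timeout occurred) or 'broken'."""
    steps, timed_out = [], False
    if response_size <= edns_bufsize:
        if udp_delivers(response_size, path):
            return "ok", ["udp+edns: full answer"]
        # The large response vanished; the resolver only notices by timing out,
        # then retries with a 512-byte limit and gets a truncated reply.
        steps += ["udp+edns: response dropped, timeout",
                  "udp retry, 512-byte limit: truncated (TC=1)"]
        timed_out = True
    else:
        steps.append("udp+edns: truncated (TC=1)")
    # A truncated reply sends the resolver to TCP.
    if not path.tcp_ok:
        steps.append("tcp: blocked")
        return "broken", steps
    steps.append("tcp: full answer")
    return ("slow" if timed_out else "ok"), steps

if __name__ == "__main__":
    # Constructed response sizes: small answer, signed answer, fragmented answer.
    for size in (300, 800, 2000):
        for path in (Path(big_udp_ok=False), Path(fragments_ok=False),
                     Path(tcp_ok=False, fragments_ok=False)):
            print(size, path, *lookup(size, path))
```
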