[dns-operations] The possible problems after May 5th

Shumon Huque shuque at isc.upenn.edu
Fri Apr 9 13:41:39 UTC 2010

On Thu, Apr 08, 2010 at 02:21:28PM -0700, Matthew Dempsky wrote:
> For fun, I patched dnscache to only send queries over TCP and then
> tried resolving a bunch of popular domain names with it.
> I also tried a bunch of other names that randomly came to mind, and
> found these didn't resolve either:
> [...]
> www.upenn.edu

This is ours, so I'll comment. The upenn.edu nameservers do answer
over TCP. The "www.upenn.edu" domain name in particular is  Akamaized, 
and Akamai's nameservers don't answer over TCP. As long as their 
answers remain within 512B, things should work.

(And yes, I'm aware of the self-inflicted problems caused by the
decision to use Akamai: we can't secure the name->IP mapping for
www.upenn.edu because Akamai hasn't deployed DNSSEC. We also can't
offer www.upenn.edu over IPv6 because Akamai doesn't do IPv6, ...)


More information about the dns-operations mailing list