[dns-operations] How much trouble am I in on May 5?

Joe Abley jabley at hopcount.ca
Wed May 5 10:26:41 UTC 2010


Hi Bill,

On 2010-05-05, at 11:42, bmanning at vacation.karoshi.com wrote:

> 	it's worse than that... he's dead Jim.
> 	the concern is that DNS messages from the root
> 	will exceed the original DNS spec size.  e.g.
> 	
> 	the messages will be about 800 bytes instead of just less 
> 	than 512 bytes.

I have not heard that concern. If that's what you really mean, please explain.

Clients who request answers over UDP without EDNS0 (the clients you're talking about, following the original DNS spec size) cannot set the DO bit, and hence ought not receive larger responses.

A quick survey (from a single point source) did not reveal any root server currently serving the DURZ that issues >512 byte responses to queries received over UDP without EDNS0. Have you found otherwise?

The concern that led us to stage an incremental roll-out with data collection and analysis was related to clients who signal using EDNS0 that they are able to receive larger responses than the original DNS spec size (and which set DO=1). See "DNS Deployment for the Root Zone" <http://www.root-dnssec.org/wp-content/uploads/2010/02/draft-icann-dnssec-deployment-01.txt>.


Joe
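
The size rule described in the message above, as an added example that is not part of the original post: it builds a root DNSKEY query with and without an EDNS0 OPT record and derives the largest UDP response each query permits. The function names, the query ID and the 800-byte stand-in response are constructed for illustration.

```python
import struct

OPT, DNSKEY = 41, 48

def build_query(qname, qtype, edns_size=None, do=False, qid=0x1234):
    """Build a DNS query; edns_size=None means no OPT RR (original 512-byte spec)."""
    if edns_size is None and do:
        raise ValueError("DO lives in the OPT RR; it cannot be set without EDNS0")
    arcount = 0 if edns_size is None else 1
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, arcount)
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".") if l)
    msg = header + labels + b"\x00" + struct.pack("!HH", qtype, 1)
    if edns_size is not None:
        # OPT RR: root name, TYPE=41, CLASS=UDP payload size,
        # TTL=ext-rcode(8) | version(8) | flags(16); DO is the top flag bit.
        msg += b"\x00" + struct.pack("!HHIH", OPT, edns_size, 0x8000 if do else 0, 0)
    return msg

def _skip_name(msg, pos):
    # Assumption: queries carry no compression pointers.
    while msg[pos] != 0:
        pos += 1 + msg[pos]
    return pos + 1

def udp_limits(query):
    """Return (max UDP response size in bytes, DO bit) implied by a query."""
    qd, an, ns, ar = struct.unpack("!HHHH", query[4:12])
    pos = 12
    for _ in range(qd):
        pos = _skip_name(query, pos) + 4          # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        pos = _skip_name(query, pos)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", query[pos:pos + 10])
        pos += 10 + rdlen
        if rtype == OPT:
            # Advertised sizes below 512 are treated as 512.
            return max(rclass, 512), bool(ttl & 0x8000)
    return 512, False                              # no EDNS0: 512 bytes, no DO

def oversized(query, response):
    """True if a UDP response exceeds what the query said it could accept."""
    return len(response) > udp_limits(query)[0]

if __name__ == "__main__":
    fake_response = bytes(800)                     # constructed 800-byte stand-in
    for q in (build_query(".", DNSKEY), build_query(".", DNSKEY, 4096, do=True)):
        print(udp_limits(q), "oversized:", oversized(q, fake_response))
```
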

