[dns-operations] .fr has 5 DNSKEYs

Edward Lewis Ed.Lewis at neustar.biz
Wed Jun 1 13:19:38 UTC 2011


At 9:42 +0200 6/1/11, Stephane Bortzmeyer wrote:

>You should also thank .BE, .BIZ (1901 bytes for DNSKEY set today) and
>ICANN.ORG :-)

FWIW, we've had a large key set for quite a while.  No reports of 
problems from the outside, and no measurable impact on performance on 
the inside.  Until I mentioned it, no one seemed to notice we had 5 
keys. ;)

I'm willing to take reports of problems to our internal service desk. 
In the absence of any, I'm less inclined to worry about message size 
and TCP fallback than before.

DNSSEC is new.  The scary part is that we still don't know what to fear.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Now, don't say I'm always complaining.
Wait, that's a complaint, isn't it?



More information about the dns-operations mailing list