In message <af9e632c-c470-4ea8-9bb4-bf144d208...@icsi.berkeley.edu>, Nicholas W eaver writes: > > On Nov 4, 2009, at 11:41 AM, Matthew Dempsky wrote: > > > On Wed, Nov 4, 2009 at 11:26 AM, <bmann...@vacation.karoshi.com> > > wrote: > >> The current deployment plan is to stage things to push out > >> large responses > >> early - prior to having any actual DNSSEC usable data ... > >> ostensibly to > >> flush out DNSmtu problems. > > > > Is this plan to push out large responses indiscriminately, or only in > > response to queries with DO=1? > > Also, has someone done a study what the major recursive resolvers do > on response failures from a root? Do they go to another first or do > they try a smaller EDNS MTU?
You do realise that the roots have been emitting DNS/UDP responses bigger that 512 bytes for ages now. The network did not grind to a halt when that started. It won't grind to a halt when the root is signed. There would be very few networks that NEVER make queries to COM or NET zones and referrals to the COM and NET zones have exceed 512 bytes for a long time now. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
