large organization nameservers sending icmp packets to dns servers.
Paul Vixie
vixie at vix.com
Thu Aug 9 22:58:40 UTC 2007
Valdis.Kletnieks at vt.edu writes:
> > ... advising folks to monitor their authority servers to find out how
> > many truncated responses are going out and how many TCP sessions result
> > from these truncations and how many of these TCP sessions are killed by
> > the RFC1035 4.2.2 connection management logic, and if the numbers seem
> > high, then they ought to change their applications and DNS content so
> > that truncations no longer result.
>
> How does the (eventual) deployment of DNSSEC change these numbers?
DNSSEC cannot be signalled except in EDNS.
> And who's likely to feel *that* pain first?
the DNSSEC design seems to distribute pain very fairly.
--
Paul Vixie
More information about the NANOG
mailing list