large organization nameservers sending icmp packets to dns servers.
Valdis.Kletnieks at vt.edu
Fri Aug 10 15:14:55 UTC 2007
On Thu, 09 Aug 2007 22:58:40 -0000, Paul Vixie said:
> > How does the (eventual) deployment of DNSSEC change these numbers?
>
> DNSSEC cannot be signalled except in EDNS.

Right. Elsewhere in this thread, somebody discussed ugly patches to keep
the packet size under 512. I dread to think how many different ways of
"protecting" DNS are deployed that will break EDNS, and just haven't been
noticed because there's little enough *actual* EDNS breakage that it's down
in the noise of *other* "random voodoo" breakage at those sites.

> > And who's likely to feel *that* pain first?
>
> the DNSSEC design seems to distribute pain very fairly.

I actually meant "which 800 pound gorilla is going to try this first and
find all the bustifications", but your answer is good too.. :)
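
Added example, not part of the original message: the thread's point that DNSSEC is signalled only through EDNS, shown at the wire level. The DO ("DNSSEC OK") bit and the advertised UDP payload size both live in the OPT pseudo-record (RFC 6891, RFC 3225), so a query without that record cannot ask for DNSSEC data and is limited to 512-byte UDP answers. The function names and the `example.com` sample queries are constructed for illustration.

```python
import struct

DO_BIT = 0x8000    # RFC 3225: "DNSSEC OK", top bit of the OPT flags field
TYPE_OPT = 41      # RFC 6891: OPT pseudo-RR type

def build_query(qname, qtype=1, edns_size=None, do=False, qid=0x1234):
    """Build a DNS query; when edns_size is set, append an EDNS0 OPT RR."""
    arcount = 1 if edns_size is not None else 0
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)  # RD=1
    for label in qname.rstrip(".").split("."):
        msg += bytes([len(label)]) + label.encode("ascii")
    msg += b"\x00" + struct.pack("!HH", qtype, 1)                 # QTYPE, class IN
    if edns_size is not None:
        # OPT RR: root name, TYPE=41, CLASS=UDP payload size,
        # TTL = ext-rcode(8) | version(8) | flags(16, DO on top), RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_size, DO_BIT if do else 0, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if (n & 0xC0) == 0xC0:      # compression pointer is two bytes
            return off + 2
        off += 1 + n

def edns_info(msg):
    """Return (udp_payload_size, do_bit) from the OPT RR, or None without EDNS."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            return rclass, bool(ttl & DO_BIT)
        off += 10 + rdlen
    return None

def max_udp_response(msg):
    """Largest UDP answer the sender accepts: 512 unless EDNS advertises more."""
    info = edns_info(msg)
    return max(512, info[0]) if info else 512

if __name__ == "__main__":   # constructed sample queries
    for q in (build_query("example.com"), build_query("example.com", edns_size=4096, do=True)):
        print(len(q), edns_info(q), max_udp_response(q))
```

Running `edns_info` over captured queries and responses on both sides of a firewall or DNS "protection" device shows whether the OPT record, and with it the DO bit, survives the path.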