DNSSEC Readiness
Florian Weimer
fw at deneb.enyo.de
Mon Feb 15 19:49:43 UTC 2010
* Charles N. Wyble:
> However they will certainly start complaining when DNS stops working. Of
> course they won't know that's what the issue is, but they will call
> saying the internet is down.
Okay, then the first way I mentioned for checking should be
sufficient. Well, perhaps make it
dig $RANDOM.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +dnssec
instead, so that you'll receive an even larger response.
But actually, you already know that your DNS can cope with responses
>512 bytes, if you look at this:
dig @k.root-servers.net +trace +all +dnssec aol.com MX
Certainly, your users would complain if they couldn't send mail to
AOL. 8-)
More information about the NANOG
mailing list