DNSSEC Readiness

Florian Weimer fw at deneb.enyo.de
Mon Feb 15 13:49:43 CST 2010


* Charles N. Wyble:

> However they will certainly start complaining when DNS stops working. Of
> course they won't know that's what the issue is, but they will call
> saying the internet is down.

Okay, then the first way I mentioned for checking should be
sufficient.  Well, perhaps make it

  dig $RANDOM.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +dnssec

instead, so that you'll receive an even larger response.

But actually, you already know that your DNS can cope with responses
>512 bytes, if you look at this:

  dig @k.root-servers.net  +trace +all +dnssec aol.com MX

Certainly, your users would complain if they couldn't send mail to
AOL. 8-)




More information about the NANOG mailing list