[122499] in North American Network Operators' Group
Re: DNSSEC Readiness
daemon@ATHENA.MIT.EDU (Florian Weimer)
Mon Feb 15 14:50:18 2010
From: Florian Weimer <fw@deneb.enyo.de>
To: Charles N Wyble <charles@knownelement.com>
Date: Mon, 15 Feb 2010 20:49:43 +0100
In-Reply-To: <4B799B87.3030602@knownelement.com> (Charles N. Wyble's message
of "Mon, 15 Feb 2010 11:07:51 -0800")
Cc: Nanog <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
* Charles N. Wyble:
> However they will certainly start complaining when DNS stops working. Of
> course they won't know that's what the issue is, but they will call
> saying the internet is down.
Okay, then the first way I mentioned for checking should be
sufficient. Well, perhaps make it
dig $RANDOM.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. +dnssec
instead, so that you'll receive an even larger response.
But actually, you already know that your DNS can cope with responses
>512 bytes, if you look at this:
dig @k.root-servers.net +trace +all +dnssec aol.com MX
Certainly, your users would complain if they couldn't send mail to
AOL. 8-)
