[98485] in North American Network Operators' Group
Re: large organization nameservers sending icmp packets to dns servers.
daemon@ATHENA.MIT.EDU (Paul Vixie)
Thu Aug 9 19:14:58 2007
To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 09 Aug 2007 22:58:40 +0000
In-Reply-To: <10342.1186694951@turing-police.cc.vt.edu>
Errors-To: owner-nanog@merit.edu
Valdis.Kletnieks@vt.edu writes:
> > ... advising folks to monitor their authority servers to find out how
> > many truncated responses are going out and how many TCP sessions result
> > from these truncations and how many of these TCP sessions are killed by
> > the RFC1035 4.2.2 connection management logic, and if the numbers seem
> > high, then they ought to change their applications and DNS content so
> > that truncations no longer result.
>
> How does the (eventual) deployment of DNSSEC change these numbers?
DNSSEC cannot be signalled except in EDNS.
> And who's likely to feel *that* pain first?
the DNSSEC design seems to distribute pain very fairly.
--
Paul Vixie
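
An added example, not part of the original message or of any poster's code: a minimal Python parser that counts truncated (TC=1) responses and reads the EDNS OPT record, where the DNSSEC OK (DO) bit is carried (RFC 3225). The sample messages are constructed, and treating a response without OPT as one whose query lacked EDNS is an assumption of this sketch.

```python
import struct

def skip_name(msg, off):
    """Advance past a (possibly compressed) domain name; return the new offset."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + n

def inspect(msg):
    """Extract QR and TC from the header, and EDNS size / DO from any OPT RR."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    info = {"response": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "edns": False, "udp_size": 512, "do": False}
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == 41:                          # OPT: CLASS = UDP size, TTL holds DO
            info.update(edns=True, udp_size=rclass, do=bool(ttl & 0x8000))
    return info

def build(flags, name, opt=None):
    """Constructed sample message: one question, optional OPT as (udp_size, do)."""
    labels = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    msg = struct.pack("!6H", 0x1234, flags, 1, 0, 0, 1 if opt else 0)
    msg += labels + struct.pack("!HH", 1, 1)
    if opt:
        msg += b"\0" + struct.pack("!HHIH", 41, opt[0], 0x8000 if opt[1] else 0, 0)
    return msg

SAMPLES = [                                      # constructed, not captured traffic
    build(0x8600, "example.com"),                # response, TC=1, no EDNS
    build(0x8400, "example.com", (4096, True)),  # response, EDNS with DO=1
    build(0x8600, "example.com", (1232, False)), # response, TC=1, EDNS without DO
    build(0x0100, "example.com", (4096, True)),  # query, ignored by tally()
]

def tally(messages):
    """Count responses, truncations, truncations without EDNS, and DO-bearing replies."""
    r = [i for i in map(inspect, messages) if i["response"]]
    return {"responses": len(r), "truncated": sum(i["tc"] for i in r),
            "truncated_no_edns": sum(i["tc"] and not i["edns"] for i in r),
            "do_set": sum(i["do"] for i in r)}
```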