North American Network Operators Group

Re: large organization nameservers sending icmp packets to dns servers.

  • From: Paul Vixie
  • Date: Thu Aug 09 19:41:10 2007

[email protected] writes:

> > ... advising folks to monitor their authority servers to find out how
> > many truncated responses are going out and how many TCP sessions result
> > from these truncations and how many of these TCP sessions are killed by
> > the RFC1035 4.2.2 connection management logic, and if the numbers seem
> > high, then they ought to change their applications and DNS content so
> > that truncations no longer result.
> 
> How does the (eventual) deployment of DNSSEC change these numbers?

DNSSEC cannot be signalled except in EDNS.

> And who's likely to feel *that* pain first?

the DNSSEC design seems to distribute pain very fairly.
-- 
Paul Vixie
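
The following is an added example, not part of the original post: a minimal wire-format inspector that reports, per DNS message, the TC (truncation) bit and whether an EDNS OPT record with the DO bit is present, which are the quantities the thread suggests counting on an authority server. The function names and the three sample messages are constructed for illustration; without an OPT record the RFC 1035 limit of 512 bytes over UDP is assumed.

```python
import struct

OPT = 41  # RR type of the EDNS OPT pseudo-record

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1
        if n == 0:             # root label ends the name
            return off
        off += n

def inspect(msg):
    """Report truncation and EDNS/DO signalling for one DNS message."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    info = {"response": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "edns": False, "udp_size": 512, "do": False}
    try:
        off = 12
        for _ in range(qd):                # question: name, type, class
            off = _skip_name(msg, off) + 4
        for _ in range(an + ns + ar):      # walk every RR looking for OPT
            off = _skip_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10 + rdlen
            if rtype == OPT:
                # OPT reuses CLASS as the UDP payload size; DO is bit 15
                # of the low 16 bits of the TTL field.
                info.update(edns=True, udp_size=rclass, do=bool(ttl & 0x8000))
    except (struct.error, IndexError):
        info["malformed"] = True           # counts ran past the data
    return info

# Constructed sample messages (question: example.com. IN A).
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
OPT_DO = b"\x00" + struct.pack("!HHIH", OPT, 4096, 0x8000, 0)
SAMPLES = {
    "plain query": struct.pack("!6H", 1, 0x0100, 1, 0, 0, 0) + QUESTION,
    "EDNS+DO query": struct.pack("!6H", 2, 0x0100, 1, 0, 0, 1) + QUESTION + OPT_DO,
    "truncated response": struct.pack("!6H", 1, 0x8600, 1, 0, 0, 0) + QUESTION,
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, inspect(raw))
```

Fed from a packet capture on the authority server, the ratio of `tc` responses to total responses, split by whether the matching query carried `edns` and `do`, gives the numbers discussed above.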