North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: large organization nameservers sending icmp packets to dns servers.
On Thu, 09 Aug 2007 22:58:40 -0000, Paul Vixie said: > > How does the (eventual) deployment of DNSSEC change these numbers? > > DNSSEC cannot be signalled except in EDNS. Right. Elsewhere in this thread, somebody discussed ugly patches to keep the packet size under 512. I dread to think how many different ways of "protecting" DNS are deployed that will break EDNS, and just haven't been noticed because there's little enough *actual* EDNS breakage that it's down in the noise of *other* "random voodoo" breakage at those sites. > > And who's likely to feel *that* pain first? > > the DNSSEC design seems to distribute pain very fairly. I actually meant "which 800 pound gorilla is going to try this first and find all the bustifications", but your answer is good too.. :)