nanog mailing list archives

Re: large organization nameservers sending icmp packets to dns servers.


From: Valdis.Kletnieks () vt edu
Date: Fri, 10 Aug 2007 11:14:55 -0400

On Thu, 09 Aug 2007 22:58:40 -0000, Paul Vixie said:

> > How does the (eventual) deployment of DNSSEC change these numbers?
>
> DNSSEC cannot be signalled except in EDNS.

Right. Elsewhere in this thread, somebody discussed ugly patches to keep
the packet size under 512.  I dread to think how many different ways of
"protecting" DNS are deployed that will break EDNS, and just haven't been
noticed because there's little enough *actual* EDNS breakage that it's down
in the noise of *other* "random voodoo" breakage at those sites.

> > And who's likely to feel *that* pain first?
>
> the DNSSEC design seems to distribute pain very fairly.

I actually meant "which 800 pound gorilla is going to try this first and
find all the bustifications", but your answer is good too.. :)
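
Added example, not part of the original message: the "DNSSEC OK" (DO) bit exists only inside the EDNS OPT pseudo-RR (RFC 3225, RFC 6891), so a device that strips or rejects OPT silently returns the exchange to the 512-byte, no-DNSSEC baseline. All function names are hypothetical, and `legacy_filter` is a constructed stand-in for such a device that assumes the OPT RR is the last record and carries no options.

```python
import struct

TYPE_OPT = 41      # EDNS OPT pseudo-RR (RFC 6891)
DO_BIT = 0x8000    # "DNSSEC OK" flag, carried in the OPT RR's TTL field (RFC 3225)

def encode_name(name):
    labels = [lab for lab in name.rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_query(name, edns=True, want_dnssec=True, udp_size=4096, txid=0x1234):
    """Build an A query; with edns=True append an OPT RR with no options."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)
    msg = header + encode_name(name) + struct.pack("!HH", 1, 1)
    if edns:
        # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=flags, RDLEN=0
        ttl = DO_BIT if want_dnssec else 0
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, udp_size, ttl, 0)
    return msg

def skip_name(msg, off):
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:       # compression pointer terminates the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def edns_info(msg):
    """Return (udp_size, do_bit) from the OPT RR, or None when there is no EDNS."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == TYPE_OPT:
            return rclass, bool(ttl & DO_BIT)
        off += 10 + rdlen
    return None

def legacy_filter(msg):
    """Constructed stand-in for a device that rewrites queries to plain RFC 1035 DNS."""
    if edns_info(msg) is None:
        return msg
    return msg[:10] + b"\x00\x00" + msg[12:-11]   # ARCOUNT=0, drop the 11-byte OPT RR

def response_budget(query):
    """(max UDP response size, DNSSEC requested) as the server sees the query."""
    info = edns_info(query)
    return (512, False) if info is None else (max(512, info[0]), info[1])
```

Comparing `response_budget()` for a query before and after `legacy_filter()` shows the failure mode discussed in the thread: the resolver asked for DNSSEC records in a 4096-byte budget, but the server sees an ordinary query and answers within 512 bytes with no signatures.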
