DNSSEC + IDN + INDccTLD
Mark Andrews
Mark_Andrews at isc.org
Mon Sep 1 02:14:47 CEST 2008
> The talk of the town these days is DNSSEC. I worry about the size of
> an IDNccTLD + IDNs + DNSSEC responses, leading to a quite exclusive
> use of TCP. I wonder if the related delay, security, documentation,
> operational aspects have been considered?
>
> jfc
It is not an issue. DNSSEC => EDNS and unless you are forcing
EDNS back to 512 bytes almost all referrals will be < 1200
bytes resulting in single packet responses even over IPv6.
NXDOMAIN responses are slightly larger but still < 1500.
Just make sure your firewall correctly processes fragments.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
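
The size reasoning in the reply above, worked through as an added example (not part of the original message): it builds a query with an EDNS0 OPT record and the DO bit, reads back the advertised UDP size, and classifies how a response of a given length would be delivered. The function names, the sample IDN A-label and the MTU values (1280 for the IPv6 minimum, 1500 for Ethernet) are assumptions chosen for illustration, as is the absence of IP options or extension headers.

```python
import struct

# Assumed per-packet overhead: IP header without options/extension headers + UDP header.
IP_UDP_OVERHEAD = {4: 20 + 8, 6: 40 + 8}

def build_query(qname, qtype=1, edns_size=4096, do_bit=True):
    """Wire-format query; edns_size=None sends a plain (non-EDNS) query."""
    arcount = 0 if edns_size is None else 1
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, arcount)  # RD set
    labels = qname.rstrip(".").split(".")
    question = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    question += b"\x00" + struct.pack("!HH", qtype, 1)
    if edns_size is None:
        return header + question
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size,
    # TTL=ext-rcode/version/flags (DO is 0x8000 in the flags), RDLEN=0.
    ttl = 0x8000 if do_bit else 0
    return header + question + b"\x00" + struct.pack("!HHIH", 41, edns_size, ttl, 0)

def advertised_size(query):
    """Return (udp_payload_size, do_bit); (512, False) when there is no OPT.
    Assumes the only additional record, if any, follows the question."""
    qdcount, _, _, arcount = struct.unpack("!HHHH", query[4:12])
    pos = 12
    for _ in range(qdcount):
        while query[pos]:
            pos += 1 + query[pos]
        pos += 5  # root label + QTYPE + QCLASS
    if arcount == 0 or query[pos] != 0:
        return 512, False
    rtype, size, ttl, _ = struct.unpack("!HHIH", query[pos + 1:pos + 11])
    if rtype != 41:
        return 512, False
    return max(size, 512), bool(ttl & 0x8000)  # sizes below 512 are treated as 512

def delivery(response_len, edns_size, ip_version, path_mtu):
    """How a DNS response of response_len bytes reaches the client."""
    if response_len > edns_size:
        return "truncated-retry-tcp"      # TC bit set, client retries over TCP
    if response_len + IP_UDP_OVERHEAD[ip_version] > path_mtu:
        return "udp-fragmented"           # firewall must pass IP fragments
    return "udp-single-packet"

if __name__ == "__main__":
    q = build_query("xn--bcher-kva.example")  # constructed sample IDN A-label
    size, do = advertised_size(q)
    for length, ver, mtu in [(1199, 6, 1280), (1499, 6, 1280), (1499, 4, 1500)]:
        print(length, f"IPv{ver}", mtu, delivery(length, size, ver, mtu))
    print(1199, "EDNS forced to 512:", delivery(1199, 512, 6, 1280))
```
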