
Re: [DNSOP] Computerworld apparently has changed DNS protocol




On Nov 4, 2009, at 3:02 PM, David Conrad wrote:

> [namedroppers dropped as this felt more operational to me]
>
> On Nov 4, 2009, at 11:09 AM, Nicholas Weaver wrote:
>> Question: Have people been able to estimate how large the signed root zone response will be?
>
> Response to what? Using the current IANA 'normal root servers' testbed:
>
> % dig +bufsize=4096 +dnssec @root.iana.org . ns | grep rcvd
> ;; MSG SIZE  rcvd: 801
> % dig +bufsize=4096 +dnssec @root.iana.org . soa | grep rcvd
> ;; MSG SIZE  rcvd: 1016
> % dig +bufsize=4096 +dnssec @root.iana.org . rrsig | grep rcvd
> ;; MSG SIZE  rcvd: 2005
> % dig +bufsize=4096 +dnssec @root.iana.org x a | grep rcvd
> ;; MSG SIZE  rcvd: 639

I actually researched this, and need to spend some time cleaning up the report before posting it to this list. But the bottom line is that yes, all responses save a few at the apex of root are below 1500b (actually, below 1100b). The responses that are larger are ". rrsig" and ". any" (and ". dnskey" if minimal dnskey responses aren't used). ". any" is the only one that would actually set TC if, say, the advertised buffer size were set to 1280.

--
David Blacka                          <davidb at verisign.com>
Sr. Engineer          VeriSign Platform Product Development

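
An added example, not part of the original message: the two settings the dig commands above control, the advertised buffer size (+bufsize) and the DO bit (+dnssec), as they appear in an EDNS0 OPT record (RFC 6891), and how a client reads the TC bit discussed above. The function names and the truncated reply are constructed for illustration; nothing here is captured from the testbed.

```python
import struct

QTYPES = {"A": 1, "NS": 2, "SOA": 6, "RRSIG": 46, "DNSKEY": 48, "ANY": 255}
OPT, DO_BIT, TC_BIT = 41, 0x8000, 0x0200

def encode_name(name):
    """Wire-format owner name; the root "." is a single zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, bufsize=4096, do=True, msg_id=0x1234):
    """One question plus an OPT RR advertising bufsize and, optionally, DO."""
    header = struct.pack("!HHHHHH", msg_id, 0, 1, 0, 0, 1)  # ARCOUNT=1 for OPT
    question = encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)
    # OPT RR: root owner, TYPE=41, CLASS carries the UDP payload size,
    # TTL carries ext-rcode/version/flags (DO is the top flag bit), RDLEN=0.
    opt = b"\x00" + struct.pack("!HHIH", OPT, bufsize, DO_BIT if do else 0, 0)
    return header + question + opt

def read_opt(query):
    """Return (advertised size, DO) from a query shaped like build_query's."""
    pos = 12
    while query[pos]:              # skip the question name label by label
        pos += query[pos] + 1
    pos += 1 + 4                   # name terminator, then QTYPE and QCLASS
    rtype, size, ttl, _ = struct.unpack("!HHIH", query[pos + 1:pos + 11])
    if query[pos] != 0 or rtype != OPT:
        raise ValueError("no OPT record after the question")
    return size, bool(ttl & DO_BIT)

def is_truncated(message):
    """True when TC is set, i.e. the client should retry the query over TCP."""
    flags = struct.unpack("!H", message[2:4])[0]
    return bool(flags & TC_BIT)

def constructed_truncated_reply(query):
    """Constructed sample: QR|AA|TC set, question echoed, no records."""
    msg_id = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", msg_id, 0x8000 | 0x0400 | TC_BIT, 1, 0, 0, 0)
    return header + query[12:-11]  # drop the 11-byte OPT RR

if __name__ == "__main__":
    q = build_query(".", "ANY", bufsize=1280)
    print(len(q), read_opt(q), is_truncated(constructed_truncated_reply(q)))
```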