| reply to ScottMo
Re: That's not what El Reg said
said by you :
Nothing there to say the regular Joe Internet is going to lose service.
said by The Register :
"Will DNSSEC kill your internet?"
said by The Register :
Internet users face the risk of losing their internet connections on 5 May when the domain name system switches over to a new, more secure protocol.

He tries to downplay his own inflammatory title, but he's still making a bigger deal of this than even the experts quoted in his own story are. |
|
Noah Vail | Son made my Avatar | Premium | join:2004-12-10 | Lorton, VA
2 edits
said by Karl Bode :
said by you :
Nothing there to say the regular Joe Internet is going to lose service.
said by The Register :
"Will DNSSEC kill your internet?"
He tries to downplay his own inflammatory title, but he's still making a bigger deal of this than even the experts quoted in his own story are.

Here's what isn't sorting out for me.
A DNS Resolver - directly downstream from the Root - has a 512 byte limit on its upstream DNS communications.
and
All Root DNS Packets are suddenly larger than 512 bytes due to DNS certificates.
then
Doesn't that effectively kill all future Root DNS Updates for that DNS Resolver (until the limit is fixed)?
NV
edit: separate 2 issues into 2 posts.
-- In my perfect religion, a giant hole appears and sucks up all the lousy people. I call it the Crapture. |
|
R4M0N | Brazilian Soccer Ownz Joo | join:2000-10-04 | Glen Allen, VA
| reply to Karl Bode
A misleading title meant to get people to read the article itself?
SAY IT AIN'T SO!!!! |
|
Noah Vail | Son made my Avatar | Premium | join:2004-12-10 | Lorton, VA
| reply to Karl Bode
If I understand correctly, only real issue here is that a few DNS servers might not be able to update from the Root Zone until they come into compliance with the current DNSSEC protocols.
I suppose an affected DNS resolver could get Root updates from a trusted peer instead, while the problem is addressed.
Like the Root Zone; most Tier 2 DNS Servers are diversified among several locations. I imagine a lot of DNS load could migrate to the servers that adhere to the current DNSSEC protocols, while non-compliant servers are upgraded.
There's also an RFC3383 protocol that addresses backward compatibility. It predates the current DNSSEC protocols but still seems to be in effect.
I'll see if/how it fits in here.
NV |
|
| reply to Noah Vail
No...
a: Such resolvers are likely to not ask for DNSSEC at all.
b: Even if they do, they will take a timeout and retry by TCP, which slows things down (by a couple of seconds), but otherwise the results still work. And for the root, queries hit the root so rarely that you're likely to never notice this timeout anyway. |
|
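The two points in the reply above (no DNSSEC data unless the resolver asks for it, and a TCP retry when a UDP answer is truncated), as an added example that is not part of the thread. The function names are hypothetical and the response sizes passed in are constructed; the wire layout follows RFC 1035 and the EDNS0 OPT record (type 41, DO flag 0x8000).

```python
import struct

def build_query(name, qtype=2, edns_size=None, do=False):
    """Build a DNS query; append an EDNS0 OPT record when edns_size is given."""
    header = struct.pack("!HHHHHH", 0x1234, 0, 1, 0, 0, 1 if edns_size else 0)
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT RR: root name, TYPE 41, CLASS = UDP payload size,
        # TTL carries the flags (DO = 0x8000), RDLENGTH 0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0x8000 if do else 0, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def edns_params(query):
    """Return (udp_limit, do_bit) advertised by a query; (512, False) without OPT."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", query[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(query, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(query, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", query[off:off + 10])
        if rtype == 41:
            return max(rclass, 512), bool(ttl & 0x8000)
        off += 10 + rdlen
    return 512, False

def server_plan(query, plain_size, signed_size):
    """Model the server's UDP decision for given (constructed) response sizes."""
    limit, do = edns_params(query)
    size = signed_size if do else plain_size   # signatures only when DO is set
    tc = size > limit                          # too big for UDP: set the TC bit
    return {"dnssec": do, "limit": limit, "tc": tc,
            "next": "retry over TCP" if tc else "use UDP answer"}
```
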