[Cda] DNS packet size issues
Steven G. Huter
sghuter at nsrc.org
Fri Jul 26 20:07:19 EAT 2024
Thank you for this helpful analysis, Alain.
Steve
On Fri, 26 Jul 2024, ALAIN AINA wrote:
> Dear All,
>
> You may remembered our discussions about the dns packet size issue with “.bj” dnskey RR with KSK of 4096 bits and ZSK of 2048 bits and the ongoing ZSK rollover. I took the liberty to use ripe atlas to emphasise the scope of the problem.
>
> I ran various measurements for 3 days with 20 IPv4 probes randomly selected for each. The summary of the query and the results are presented below:
>
> ==============
>
> 1- .mg soa +dnssec (resolv on probe)
> https://atlas.ripe.net/measurements/76126605/
>
> 13 responses with signature
> 6 response without signature
>
>
> 2- .bj soa +dnssec (resolv on probe)
> https://atlas.ripe.net/measurements/76127007/
>
> 11 response with signature
> 2 no answer Available (timeout)
> 5 responses without signature
>
>
> 3- .bj dnskey bufsize=1232 +dnssec (resolv on probe)
> https://atlas.ripe.net/measurements/76126967/
>
> 2 server failed
> 14 no answers available (no Error)
> 1 answer with signature
> 5 answers without signature
>
> 4- .bj dnskey +dnssec +tcp (resolv on probe)
> https://atlas.ripe.net/measurements/76127724/
>
> 2 no answers available
> 7 responses with signature
> 10 did not reach their target
>
> ======
>
> The outcomes of the measurements 3&4 present the scope of the issue.
>
> Bon weekend
>
> —Alain
>
>
>
More information about the Cda
mailing list