[Dnssec-deployment] CAT is signed

Eric Osterweil eoster at CS.UCLA.EDU
Tue Jun 29 16:28:30 EDT 2010 

On Jun 28, 2010, at 8:59 PM, Mark Andrews wrote:


<snip>
>> 
>>>> ;)
>>>> =20
>>>>> yes, they do iterate
>>>>> down to the leaf zones when the parents return referrals rather
>>>>> than promoting glue to answer.  So, yes, the .cat nameservers should
>>>>> be expecting to and be capable of answering any queries for any
>>>>> name in their namespace.
>>>> =20
>>>> As I said Mark (in regards to PMTU): what exactly does this tell
>>>> someone?
>>> =20
>>> No one it saying that it tells you anything about pmtu. =20
>> 
>> Read the OP:
>> 	"... too little data? Try '+dnssec ANY' and
>> 	you'll see. Other responses, such as from '+dnssec DNSKEY' are =
>> less
>> 	than 1400 bytes..."
>> 
>> We were actually talking exactly about PMTU.  I think you might have =
>> hijacked the conversation.
> 
> Well any @1200 succeeds, any @1300 succeeds but any @1400 fails
> with dns4.ad.  That tells me the PMTU somewhere between 1300 and
> 1400 bytes which is a strange path mtu.
> 

<snip>

Yeah, actually...  From dnsfunnel (at just one location), it does actually seem kind of odd (a lot of loss and trunctaions):

$ dnsfunnel @dns4.ad. -t any cat    

194.158.64.10   4096B   * * * 
194.158.64.10   2304B   * * * 
194.158.64.10   1408B   * 0.195602 (truncated)
194.158.64.10   1856B   * * * 
194.158.64.10   1632B   * * * 
194.158.64.10   1520B   * * * 
194.158.64.10   1464B   0.208131 (truncated)
194.158.64.10   1492B   * * 0.201592 (truncated)
194.158.64.10   1506B   * * * 
194.158.64.10   1499B   0.197746 (truncated)
194.158.64.10   1502B   * 0.196259 (truncated)
194.158.64.10   1504B   0.194428 (truncated)
194.158.64.10   1505B   * * * 
194.158.64.10   1504B   * * 0.195759 (truncated)
194.158.64.10   1505B   0.194289 (truncated)
---------------------------------
PMTU walking summary:
======================================================
Name                    Keys    Small   Largest Optimal
Server    IP            fit?    Buffer  Buffer  Buffer
------------------------------------------------------
dns4.ad.
        194.158.64.10   no      1505    0       0


Eric
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part
Url : http://dnssec-deployment.org/pipermail/dnssec-deployment/attachments/20100629/17e94332/attachment.bin

More information about the Dnssec-deployment mailing list