[ksk-rollover] 答复: 答复: Observation on Large response issue during Yeti KSK rollover
Davey Song(宋林健)
ljsong at biigroup.cn
Thu Aug 3 05:33:14 UTC 2017
I make adding in the article like this:
In ICANN’s KSK rollover plan, the packet size will exceed 1280 Octets limit up to 1414 octets on 2017-Dec-20 and 1424 octets on 2018-Jan-11. It means around 2% IPv6 resolvers(or IPv6 DNSKEY queries with DO bit set) will experience timeout.
Geoff reported that 17% of resolvers cannot ask a query in TCP. So probably in extreme case there are 0.34% of IPv6 resolvers around the world will fail to validate the answers. 0.34% of millions (if IPv6 dominant), It is not a trivial number.
Davey
> -----邮件原件-----
> 发件人: ksk-rollover-bounces at icann.org
> [mailto:ksk-rollover-bounces at icann.org] 代表 Davey Song(宋林健)
> 发送时间: 2017年8月3日 9:50
> 收件人: 'Wessels, Duane'
> 抄送: ksk-rollover at icann.org
> 主题: [ksk-rollover] 答复: Observation on Large response issue during Yeti KSK
> rollover
>
> I changed the conclusion by correcting the number to 7% and add a proposed
> solution to hold 1220-octets boundary on DNS response size.
>
> Davey
> > -----邮件原件-----
> > 发件人: Davey Song(宋林健) [mailto:ljsong at biigroup.cn]
> > 发送时间: 2017年8月3日 9:36
> > 收件人: 'Wessels, Duane'
> > 抄送: 'ksk-rollover at icann.org'
> > 主题: 答复: [ksk-rollover] Observation on Large response issue during Yeti
> > KSK rollover
> >
> > I'm sorry. I made a mistake in conclusion part. The failure rate is
> > around 7% not 0.7%. it seems worse than the conclusion I made before.
> >
> > Davey
> > > -----邮件原件-----
> > > 发件人: Davey Song(宋林健) [mailto:ljsong at biigroup.cn]
> > > 发送时间: 2017年8月3日 9:28
> > > 收件人: 'Wessels, Duane'
> > > 抄送: 'ksk-rollover at icann.org'
> > > 主题: 答复: [ksk-rollover] Observation on Large response issue during
> > > Yeti KSK rollover
> > >
> > > Yes.
> > >
> > > It would be better if there was a comparison between IPv4 and IPv6.
> > > But we only have IPv6 traffic.
> > >
> > > In the initial setting ,there is a same group of probes using TCP as
> > > a comparison in case of routing problem or other network failure.
> > > But some probes I chose have some bugs sending DNS over TCP at a old
> version.
> > >
> > > Do you guys have similar testing or reference of other's work
> > > providing quantitative result on this regard? I mean the degree of
> > > impact due to large response in IPv6 (or IPv4) network. I'm not sure
> > > the result I got (less than 1%
> > > misbehave) is a common sense or not.
> > >
> > > Davey
> > > > -----邮件原件-----
> > > > 发件人: Wessels, Duane [mailto:dwessels at verisign.com]
> > > > 发送时间: 2017年8月2日 23:16
> > > > 收件人: Davey Song(宋林健)
> > > > 抄送: ksk-rollover at icann.org
> > > > 主题: Re: [ksk-rollover] Observation on Large response issue during
> > > > Yeti KSK rollover
> > > >
> > > > Thanks Davey,
> > > >
> > > > Just to make sure I understand, these are IPv6-only measurements
> > > > and results, correct?
> > > >
> > > > DW
> > > >
> > > >
> > > > > On Aug 2, 2017, at 2:31 AM, Davey Song(宋林健) <ljsong at biigroup.cn>
> > > > wrote:
> > > > >
> > > > > Hi ICANN KSK rollover team,
> > > > >
> > > > > For your information, I have an observation on large response
> > > > > impacts during
> > > > Yeti KSK rollover. Please check the article.
> > > > >
> > > > >
> > > > http://yeti-dns.org/yeti/blog/2017/08/02/large-packet-impact-durin
> > > > g-
> > > > ye
> > > > ti-ksk-r
> > > > ollover.html
> > > > >
> > > > > Best regards,
> > > > > Davey
> > > > > _______________________________________________
> > > > > ksk-rollover mailing list
> > > > > ksk-rollover at icann.org
> > > > > https://mm.icann.org/mailman/listinfo/ksk-rollover
>
>
>
>
> _______________________________________________
> ksk-rollover mailing list
> ksk-rollover at icann.org
> https://mm.icann.org/mailman/listinfo/ksk-rollover
More information about the ksk-rollover
mailing list