I made an addition to the article like this: In ICANN’s KSK rollover plan, the packet size will exceed the 1280-octet limit, up to 1414 octets on 2017-Dec-20 and 1424 octets on 2018-Jan-11. It means around 2% of IPv6 resolvers (or IPv6 DNSKEY queries with the DO bit set) will experience timeouts. Geoff reported that 17% of resolvers cannot ask a query in TCP. So probably in the extreme case 0.34% of IPv6 resolvers around the world will fail to validate the answers. 0.34% of millions (if IPv6 is dominant) is not a trivial number.
Davey
-----Original Message-----
From: ksk-rollover-bounces@icann.org [mailto:ksk-rollover-bounces@icann.org] On Behalf Of Davey Song(宋林健)
Sent: 2017-08-03 9:50
To: 'Wessels, Duane'
Cc: ksk-rollover@icann.org
Subject: [ksk-rollover] Re: Observation on Large response issue during Yeti KSK rollover
I changed the conclusion by correcting the number to 7% and added a proposed solution to hold a 1220-octet boundary on DNS response size.
Davey
-----Original Message-----
From: Davey Song(宋林健) [mailto:ljsong@biigroup.cn]
Sent: 2017-08-03 9:36
To: 'Wessels, Duane'
Cc: 'ksk-rollover@icann.org'
Subject: Re: [ksk-rollover] Observation on Large response issue during Yeti KSK rollover
I'm sorry. I made a mistake in the conclusion part. The failure rate is around 7%, not 0.7%. It seems worse than the conclusion I made before.
Davey
-----Original Message-----
From: Davey Song(宋林健) [mailto:ljsong@biigroup.cn]
Sent: 2017-08-03 9:28
To: 'Wessels, Duane'
Cc: 'ksk-rollover@icann.org'
Subject: Re: [ksk-rollover] Observation on Large response issue during Yeti KSK rollover
Yes.
It would be better if there was a comparison between IPv4 and IPv6. But we only have IPv6 traffic.
In the initial setting, there is the same group of probes using TCP as a comparison in case of routing problems or other network failures. But some probes I chose have some bugs sending DNS over TCP at an old version.
Do you guys have similar testing or references to others' work providing quantitative results in this regard? I mean the degree of impact due to large responses in IPv6 (or IPv4) networks. I'm not sure whether the result I got (less than 1% misbehave) is common sense or not.
Davey
-----Original Message-----
From: Wessels, Duane [mailto:dwessels@verisign.com]
Sent: 2017-08-02 23:16
To: Davey Song(宋林健)
Cc: ksk-rollover@icann.org
Subject: Re: [ksk-rollover] Observation on Large response issue during Yeti KSK rollover
Thanks Davey,
Just to make sure I understand, these are IPv6-only measurements and results, correct?
DW
On Aug 2, 2017, at 2:31 AM, Davey Song(宋林健) <ljsong@biigroup.cn> wrote:
Hi ICANN KSK rollover team,
For your information, I have an observation on large response impacts during Yeti KSK rollover. Please check the article.
http://yeti-dns.org/yeti/blog/2017/08/02/large-packet-impact-during-yeti-ksk-rollover.html
Best regards,
Davey
_______________________________________________
ksk-rollover mailing list
ksk-rollover@icann.org
https://mm.icann.org/mailman/listinfo/ksk-rollover