[AfrICANN-discuss] Africa likely to be shaken off the internet
Mark Elkins
mje at posix.co.za
Fri Oct 30 16:48:07 SAST 2009
On Fri, 2009-10-30 at 13:16 +0300, McTim wrote:
> Hi Douglas,
>
> On Fri, Oct 30, 2009 at 10:53 AM, Douglas Onyango
> <ondouglas at yahoo.com> wrote:
> Rebecca,
> The findings of the Augmentation study pointed out some
> problems, including:-
> 1. Fall back to TCP because of truncation
> 2. High Memory usage on servers.
> 3. Increase in latency especially with BIND and big zone files
> (100,000+) among others.
>
> I do agree that some of the loads/tests are not practical at
> the moment and even some can be mitigated, but overall IMHO
> telling ourselves that we won't be affected would be wrong.
>
>
> There is much confusion around DNSSEC in Internet Governance circles.
>
> As Michuki pointed out to Rebecca earlier on the kictanet list, you
> have to turn on DNSSEC in your nameserver in order to have any effect.
I did this several months ago. No great change. I have scripts that
import the iTAR stuff and distribute it around my (DNS) network.
I also have a handful of domains that are signed (DNSSEC) and using
ISC's DLV Look-aside services.
They work just fine.
> I am of the opinion that African ISPs are going to be using DNS as it
> is for some time to come. If you don't have DNSSEC enabled, you will
> use plain old "vanilla" DNS.
True. Most people should have upgraded old BIND systems anyway. Things
like EDNS0 should be allowing larger than 512 byte UDP packets in -
though being potentially blocked by (old?) firewalls - but thats true
for much of the world.
The (German) article was technically incorrect though - confusion
between the pre-EDNS DNS UDP packet size (512 bytes) and 512Kb
transfers...
Anyway - if you 'dig +dnssec diver.co.za' - the AD bit should be set :-)
OK - so I'm unusual.
--
. . ___. .__ Posix Systems - Sth Africa
/| /| / /__ mje at posix.co.za - Mark J Elkins, SCO ACE,
Cisco CCIE
/ |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496
More information about the AfrICANN
mailing list