[Yeti DNS Discuss] Five additional servers added to Yeti testbed & an bug finding on priming response

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed May 4 10:17:01 UTC 2016


On Wed, May 04, 2016 at 11:34:45AM +0200,
 Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote 
 a message of 79 lines which said:

> 2) With DNSSEC
> 
> % sh priming-size.sh
> dahu2.yeti.eu.org. 2017

[Knot, see a discussion at the end.]

> yeti-ns3.dns-lab.net. 1558

[Without the "minimum responses" option]

> yeti.aquaray.com. 1222
> yeti-ns.as59715.net. 1222

[Probably NSD, this is the default size, with the "minimum responses"
option]

> yeti.ipv6.ernet.in. 914
> yeti.bofh.priv.at. 914
> yeti-ns.switch.ch. 914
> yeti-ns.lab.nic.cl. 914
> yeti-ns.ix.ru. 914

[Probably BIND, with the default size, with the "minimum responses"
option?]

For dahu2.yeti.eu.org, the reason the priming response is so large, is
because dahu2 serves two RRSIG for the NS:

.			86400 IN RRSIG NS 8 0 86400 (
				20160527164002 20160427164002 11511 .
				IeDtwCGCG0MiLA8jY0j/WPKAu5rM7r2KgIEjLFmqGpko
				7Y6Iy0DbtFWCw/QFXhUrgJ1m79Tt6Fnz13B6DT1Cwlql
				UlJraWNqa8kfIgFtXHI9cGCzZR2yRHXWTKd7K866ZKKA
				8iBgrNS2PrIhsNYhoBXsF/p4yibpkBDUqozRt9k= )
.			86400 IN RRSIG NS 8 0 86400 (
				20160603050150 20160504050150 20454 .
				oXf6MeGVkVFcWu7iUdfx06LuD6CPGSpzJDpPc38hactA
				3fm9oIQ7K2vySs4V+xd4FXEwLML2jq0LlvZ9/bt8hDJM
				jXvF/6wszHu7i900Rtf+CpGt7cYe/yCuEVTJwNogpsyU
				v0xFs4LlpfVWYouMKG5uOUBu4qHOiR4R2ibqmZw= )

The first one, made by 11511, seems to be from the WIDE DM. The second
one, by 20454, seems to be from the BII DM. Knot apparently made IXFR
and merged the results...

IMHO, this is an important result to add to the MultiZSK draft:
another correct (?) but surprising behaviour with MultiZSK and IXFR...




More information about the discuss mailing list