On 6/8/02 3:01 PM, "Steven M. Bellovin" <smb(_at_)research(_dot_)att(_dot_)com>
wrote:
> I was excluding EDNS0, since I thought it wasn't widely implemented.

It has been implemented in the latest version of BINDv8, it has always been
in BINDv9, and I believe it is in Microsoft's DNS server (not positive on
this). Given EDNS0 is required for implementing DNS for IPv6, I wouldn't
think it something you'd like to exclude.

> TCP fallback is, as you are painfully well aware, expensive.

Yes.

>> What is the average size of a CERT (honest question, I have no idea)?
>
> Good question -- and I don't think there's any one answer.

Hmm. "Average"?

> Technically, you're right, but a number of the essential concepts are
> the same, including the key one that the record you're looking for has
> to have a name in DNS space.

And, of course, there are applications in which this makes perfect sense
(e.g., ssh).

Rgds,
-drc