[ga] DNSSEC May Cause Problems On May 5

["Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>]

All, especially Debbie,

  Debbie, this one of those "Distractions" that is NOT necessary but
rather created under perhaps dubious circumstances and perhaps
for dubious created reasons that of course can, and always should
be avoided.  A proper implementation would have eliminated such
disruptions and therefor distractions.  Implementing DNScurve
would have been even far better all the way around.

See:
 
https://tech.slashdot.org/story/10/04/30/1258234/DNSSEC-May-Cause-Problems-On-May-5
 

The coming milestone of May 5, at 17:00 UTC 
at this time DNSSEC will be rolled out across all 13 root servers. Some
Internet users, especially those inside corporations and behind smaller
ISPs, 
http://www.itnews.com.au/News/173412,warning-why-your-internet-might-fail-on-may-5.aspx
may experience intermittent problems. The reason is that some
older networking equipment is preconfigured to block any reply to a DNS
request that exceeds 512 bytes in size. DNSSEC replies are typically four
times as large. "DNSSEC is in fact already rolled out across most of the
world's 13 root servers. ... But to date ... it would only have resulted
in a slight lag in the loading of a web page for those with outdated
network equipment. The beauty of DNS is that should a request made to one
root server not receive a response, the DNS resolver on a user's machine
simply makes the same request along the line of the 13 root servers until
it gets a satisfactory response. But on May 5, once all 13 root servers
are live with the DNSSEC signatures, responses from all 13 root servers
won't make it back inside the corporate LAN on some older systems. ...
The problem may take several days to surface and be inconsistent from one
user's PC to the next. A user at one machine who hasn't switched on his
PC for two or three days will have no access to the Internet. A user who
left his machine on the night before will have some pages — and responses
from DNS servers — cached on his machine, and will still have
connectivity." The article links a 
https://www.dns-oarc.net/oarc/services/replysizetest
test site you can use ahead of time to check for any problems.


Regards,

Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 294k members/stakeholders and growing, 
strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is very
often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B; liability
depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of
Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail jwkckid1@xxxxxxxxxxxxx
Phone: 214-244-4827