It appears that Kazunori Fujiwara <[email protected]> said:
>These limits are useful because they are already implemented and seem
>to be effective for stable operation of the resolver.

This may be more work than you planned to do, but I think a document that described the limits in popular DNS caches such as unbound, Knot, and PowerDNS as well as BIND would be very useful. It would both give us a list of the things that can cause performance problems, and also some guidance about limits we should be aware of.

>I agree, but an RRSet with a large number of RRs cannot be carried
>over UDP transport and will eventually break down as they approach the
>65535 octets limit. I think that apex TXT will become smaller once
>domain verification techniques are standardized and widespread.

I added junk to the TXT record at _dmarc.johnlevine.com so it is over 50K, and then I went to a bunch of DMARC test sites to see if they handle it properly. Almost without exception they work. This suggests that large DNS responses may not be fast, but they work.

I suppose I could try another experiment with a hundred 500 byte junk records and see if they pick out the good one.

R's,
John

PS: There was a bug in NSD that broke when a single record was over 32K but they fixed it quickly when I reported it.
