minor edits to results text; current state of named.conf

diff --git a/named.conf b/named.conf
index 4a682e6..6f823d2 100644 (file)
--- a/named.conf
+++ b/named.conf
@@ -3,7 +3,7 @@ options {
        port 4053;
        dnssec-enable yes;
        recursion no;
-       pid-file "/home/davidb/src/root_zone_test/run/named.pid";
+       pid-file "run/named.pid";
 #      max-udp-size 1472;
 };
 
@@ -19,6 +19,6 @@ zone "arpa." {
 
 zone "root-servers.net." {
      type master;
-     file "root-servers.net.zone";
-     #file "root-servers.net.signed";
+     #file "root-servers.net.zone";
+     file "root-servers.net.signed";
 };

diff --git a/zone_results/root_overall_response_size_results.txt b/zone_results/root_overall_response_size_results.txt
index 91caa4a..a7f08c7 100644 (file)
--- a/zone_results/root_overall_response_size_results.txt
+++ b/zone_results/root_overall_response_size_results.txt
@@ -9,7 +9,7 @@ Recommendations:
 
    1) Use the "minimal-dnskey-response" behavior for the root
    servers.  This behavior is supported by RDNS 2.3.2 and NCDNS 1.1.1
-   (as well as BIND 9.6 and NSD 3.2.3).
+   (as well as BIND 9.6.x and NSD 3.2.3).
 
    2) Cap our UDP responses sizes to 1472 (or optionally less, down to
    1400).  The results below will show that this is safe.  In fact,
@@ -24,8 +24,8 @@ Methodology:
     1024-bit ZSK, a signed arpa with the same key sizes, and (for now)
     an unsigned root-servers.net zone.
 
-  * BIND 9.6 was used as the authoritative server (so the
-    minimal-dnskey-response behavior was in effect).
+  * BIND 9.6 was used as the authoritative server, so the
+    minimal-dnskey-response behavior was in effect.
 
   * A python script was created using the dnspython package.  This
     script would:
@@ -33,16 +33,19 @@ Methodology:
     1. Read the contents of the signed root zone file, and for every
     name/type pair (except A/AAAA types for root and arpa):
 
-       1.1. Query for the name/type with EDNS0, DO=1, BUFSIZE=4096 via
-            UDP
+       1.1. Query for the name/type with EDNS0, DO=1, and BUFSIZE=4096
+            via UDP.
 
-       1.2. Record the resulting response size.
+       1.2. Record the resulting response size.  This is the "full"
+            response size.
 
        1.3. Find the "minimum no TC" size by parsing the response,
             clearing the additional section, re-encoding into
             compressed wire format, then recording the size.  Because
             of the way the dnspython dns.message class works, the OPT
-            record was perserved.
+            record was perserved.  Testing demonstrated that the size
+            did not change for responses that had no additional
+            section records other than OPT (e.g., NXDOMAIN responses).
 
        1.4. Calculate the additional amount of space that would be
             taken up if a maximum sized qname was given (essentially,
@@ -71,7 +74,7 @@ Methodology:
 
 Results:
 
-* "Maximum overall size" is the size of a response *with* the
+* "Maximum overall size" is the size of a response with the
   additional records and with a 255-byte qname.
 * "Full response size" is the size of the response with the additional
   section (if any), but with the given qname.
@@ -127,6 +130,5 @@ full    min     qname   label
 Note that the duplicate arpa queries exist because of the arpa entry
 in both the root zone and the arpa zone.
 
-The RRSIG responsed will shrink to 1189 or 1157 bytes before setting
+The RRSIG responses will shrink to 1189 or 1157 bytes before setting
 TC, but the ANY responses will always set TC.
-