Two weeks ago the SecSpider team went to IETF 75 (in beautiful Stockholm, Sweden). The meeting was, as usual, a tremendous amount of fun.
However, the DNSSEC work that was discussed was of critical importance. We continued to try and raise awareness of the Path Maximum
Transmission Unit (PMTU) problem that we discovered. We have been presenting our results and writing them up with our conclusions at every
opportunity
[1] [2] [3],
and this was our latest opportunity: [4].
This presentation gave us the chance to announce our new command-line tool dnsfunnel that lets people measure PMTU problems from
their own location(s) to any zones. The tool is bundled with the entire Vantages suite, and
can be downloaded here. When users install the suite, in addition to
dnsfunnel and dnskey-grab they also get the new key verification TAR and can optionally run it on a machine running a
recursive resolver in order to generate their own trusted-keys list.
We were hoping that our brief presentation would spark useful conversations
during the working group session.
Luckily the conversations in the hallways were very fruitful. With the release of dnsfunnel we hope that people can appraise
the seriousness of the PMTU problem for themselves.
SecSpider the DNSSEC Monitoring Project
SecSpider at IETF 75
