Hello Jorge, On Mon, Oct 26, 2009 at 6:35 AM, Jorge Amodio <[log in to unmask]> wrote: > Also having the query being satisfied via TCP will potentially break > the use of ANYCAST as the > mechanism that enables to have replicated "mirror" root servers around > the world. Well Anycast servers do repsond to TCP DNS queries, but UDP simplifies things re: bandwidth and other issues. The main takeaway from the root scaling study report for me was that the proposed changes to the root are multiplicative in nature, and not simply additive, so do the big one first: "If adding a TLD to a normal zone means a growth factor of 1.0, adding the same name to a zone that is signed with DNSSEC could mean a 4 times bigger change to the zone than if it wasn’t signed. If a TLD is added to an unsigned zone, but with IPv6 records for its name servers, the change may be 1.25 times what it was without IPv6. If you add the TLD, with IPv6, to a zone that is signed with DNSSEC, the growth will be 1.25 x 4 = 5 times the base example.74 Following this line of reasoning, it is desirable to add changes that have a sudden and large impact on the root zone as early as possible, whereas more gradual changes can be added at later stages, as the absolute numbers can be kept low by the effects of the rate limiting. As DNSSEC represents the most pronounced “step,” it would seem prudent to add DNSSEC to the root zone before any steps to increase the size by adding substantial amounts of new names are taken." -- Cheers, McTim "A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel