internet users may have connection problems on May 5, at 17:00 UTC, when DNSSEC will be rolled out across all 13 web root servers.
Bruce Tonkin, chief strategy officer at Melbourne IT, says:
“The problem may take several days to surface and be inconsistent from one user’s PC to the next. A user at one machine that hasn’t switched on his PC for two or three days will have no access to the internet. A user that left his machine on the night before will have some pages – and responses from DNS servers – cached on their machine, and will still have connectivity.”
Tonkin recommended network managers run a series of simple online tests to ensure their network can handle the larger DNS responses:
A reply-size test available at DNS-OARC:
https://www.dns-oarc.net/oarc/services/replysizetest
Ripe Labs’ ‘Test your DNS Resolver’
http://labs.ripe.net/content/testing-your-resolver-dns-reply-size-issues