Preparing for upcoming DNSSEC changes on 5/5

[Server Administrator]

I tried OARC's DNS Reply Size Test on two of my name servers, both on
the same network, behind the same firewall & router.

Both came back and reported "DNS reply size limit is at least 3843"
(results below).

Is 3843 close enough to 4096 to keep me safe next Wednesday (May 5th)?
 If not, do the required remedies need to be applied in named.conf, or
the router & firewall?  And if the latter, what, specifically, needs
to be configured?

Other than OARC's page are there any sites that describe everything
that needs to be done and checked to make sure we're good to go on
5/5?

Thank you

$ dig +short rs.dns-oarc.net txt

rst.x3827.rs.dns-oarc.net.
rst.x3837.x3827.rs.dns-oarc.net.
rst.x3843.x3837.x3827.rs.dns-oarc.net.
"198.x.x.8 sent EDNS buffer size 4096"
"198.x.x.8 DNS reply size limit is at least 3843"
"Tested at 2010-05-01 02:10:34 UTC"

===========================

rst.x3827.rs.dns-oarc.net.
rst.x3837.x3827.rs.dns-oarc.net.
rst.x3843.x3837.x3827.rs.dns-oarc.net.
"Tested at 2010-05-01 02:14:45 UTC"
"198.x.x.9 sent EDNS buffer size 4096"
"198.x.x.9 DNS reply size limit is at least 3843"