This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] What about the last mile, was: getting DNSSEC deployed
Peter Koch
pk at DENIC.DE
Fri Feb 16 11:07:29 CET 2007
On Fri, Feb 16, 2007 at 09:20:09AM +0000, Lutz Donnerhacke wrote:

> DNSSEC validating on a larger resolver does scale well, because - that's the
> important observation I made - a lot of queries can be answered from cached
> NSEC records without querying further. The whole bunch of NXDOMAIN dropped by
> about 70% here. Crypto is cheap compared to networking.

Are you suggesting that

a) since most of the queries are repeated ones leading to NXDOMAIN you can take advantage of the response being cached and not in need of re-validation, or

b) you have and use an implementation, that -- in violation of the DNSSEC specification -- applies "aggressive negative caching"?

In case of (a) I'd not understand the drop rate, for (b) I'd like to read a name.

-Peter
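Added example, not part of the message above and not code from any resolver named in the thread: a sketch of what "aggressive negative caching" means, where a resolver answers NXDOMAIN for a name it has never queried because already validated NSEC records in its cache cover both the name and the wildcard at its closest encloser. The zone, the NSEC chain and all function names are constructed for illustration; TTL handling and signature validation are assumed to have happened before caching.

```python
# Added illustration: answering NXDOMAIN from cached NSEC records.
# Zone data is constructed; records are assumed validated and unexpired.

def key(name):
    """RFC 4034 section 6.1 canonical sort key: lowercased labels, rightmost first."""
    labels = name.lower().rstrip(".").split(".")
    return [l.encode("ascii") for l in reversed(labels) if l]

def covering(records, q):
    """Return the cached (owner, next) NSEC whose gap strictly contains q, else None."""
    for o, n in records:
        # The last NSEC in a zone points back to the apex, so its gap wraps around.
        if (o < q < n) or (o >= n and q > o):
            return o, n
    return None

def common(a, b):
    """Number of labels, counted from the root, that two keys share."""
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    return i

def can_answer_nxdomain(zone, nsecs, qname):
    """True if the cached NSECs alone prove that qname does not exist."""
    apex, q = key(zone), key(qname)
    records = [(key(o), key(n)) for o, n in nsecs]
    if q[:len(apex)] != apex:
        return False                      # not in this zone
    hit = covering(records, q)
    if hit is None:
        return False                      # name exists or no covering NSEC cached
    o, n = hit
    if n[:len(q)] == q:
        return False                      # empty non-terminal: NODATA, not NXDOMAIN
    closest = q[:max(common(q, o), common(q, n))]
    # NXDOMAIN also requires proof that no wildcard could match the query.
    return covering(records, closest + [b"*"]) is not None

# Constructed NSEC chain for example.com: (owner, next owner) pairs.
CHAIN = [
    ("example.com", "alpha.example.com"),
    ("alpha.example.com", "mail.example.com"),
    ("mail.example.com", "www.example.com"),
    ("www.example.com", "example.com"),
]

if __name__ == "__main__":
    for name in ("bogus.example.com", "zzz.example.com", "www.example.com"):
        print(name, can_answer_nxdomain("example.com", CHAIN, name))
```

With only the `alpha`/`mail` record cached, `bogus.example.com` cannot be answered locally, because the wildcard `*.example.com` is not yet proven absent.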