[Dnssec-deployment] validation and/or recursion at the edge device
jim at rfc1035.com
Sun Aug 7 13:48:43 EDT 2011
On 7 Aug 2011, at 18:00, David Conrad wrote:
> Somewhat as an aside, it'd be interesting to examine what impact a
> local resolver would have on bandwidth. That is, whether the local
> caching (particularly of DNSSEC-related junk) would outweigh the
> bandwidth requirements needed to do the recursion. However, even in
> wireless, I'm not sure how critical a resource bandwidth will be in
> the future (LTE/WiMAX/etc).
Considering how much mobile operators are able to extort for moving
bits around, bandwidth usage is (and probably always will be) a
critical resource in many environments. :-(
I wonder too what you mean by "local resolver". Is it a stub (bad IMO)
or something with a cache that's available to everything on the device
Although this is not specifically a DNSSEC deployment issue, remember
the damage a widely used application with a misbehaving stub can do.
Particularly to the root server infrastructure.
Once upon a time I looked after an intranet's backbone name servers.
One site was running DNS servers that didn't do negative cacheing --
this was a long time ago -- and they were pounding on the central
servers asking over and over for the same non-existent name(s).
Clearly some local applications wouldn't take NXDOMAIN for an answer
and went into an infinite loop asking the same question.
More information about the Dnssec-deployment