[Dnssec-deployment] validation and/or recursion at the edge device
drc at virtualized.org
Sun Aug 7 23:02:09 EDT 2011
On Aug 7, 2011, at 7:48 AM, Jim Reid wrote:
> On 7 Aug 2011, at 18:00, David Conrad wrote:
>> Somewhat as an aside, it'd be interesting to examine what impact a local resolver would have on bandwidth. That is, whether the local caching (particularly of DNSSEC-related junk) would outweigh the bandwidth requirements needed to do the recursion. However, even in wireless, I'm not sure how critical a resource bandwidth will be in the future (LTE/WiMAX/etc).
> Considering how much mobile operators are able to extort for moving bits around, bandwidth usage is (and probably always will be) a critical resource in many environments. :-(
Given Youtube on iPhones, I'll admit I can't get too worked up about the bandwidth DNS would take. As mentioned, latency (particularly on mobile networks) is another issue.
> I wonder too what you mean by "local resolver". Is it a stub (bad IMO) or something with a cache that's available to everything on the device (good IMO)?
"local resolver" = an iterative, validating, caching resolver running on the local machine. That is, Unbound or BIND or whatever running locally to which you can point your /etc/resolv.conf (or equivalent) by specifying 127.0.0.1/::1.
More information about the Dnssec-deployment