[Dnssec-deployment] validation and/or recursion at the edge device

[David Conrad]

On Aug 7, 2011, at 7:48 AM, Jim Reid wrote:
> On 7 Aug 2011, at 18:00, David Conrad wrote:
>> Somewhat as an aside, it'd be interesting to examine what impact a local resolver would have on bandwidth.  That is, whether the local caching (particularly of DNSSEC-related junk) would outweigh the bandwidth requirements needed to do the recursion.  However, even in wireless, I'm not sure how critical a resource bandwidth will be in the future (LTE/WiMAX/etc).
> 
> Considering how much mobile operators are able to extort for moving bits around, bandwidth usage is (and probably always will be) a critical resource in many environments. :-(

Given Youtube on iPhones, I'll admit I can't get too worked up about the bandwidth DNS would take.  As mentioned, latency (particularly on mobile networks) is another issue.

> I wonder too what you mean by "local resolver". Is it a stub (bad IMO) or something with a cache that's available to everything on the device (good IMO)?

"local resolver" = an iterative, validating, caching resolver running on the local machine.  That is, Unbound or BIND or whatever running locally to which you can point your /etc/resolv.conf (or equivalent) by specifying 127.0.0.1/::1.

Regards,
-drc