16 Feb
2007
16 Feb
'07
2:26 p.m.
On Fri, Feb 16, 2007 at 10:20:58AM +0000, Lutz Donnerhacke wrote:
The win will be much better if the root where signed (because the resolver knows which TLD does not exists from cache), so that stetting up a signed root for outself is a probable project in the near future.
If lowering response times for QNAMEs falling into non-existent TLDs (or reducing garbage sent to the root servers) is your goal, why wait for DNSSEC? Just make your recursive server authoritative for the root zone (all caveats apply) and be done. I'm neither questioning nor recommending this approach, but I'm a bit concerned to see side effects (real or perceived) sold as benefits for DNSSEC, where these benefits don't exist. -Peter