Jaap Akkerhuis wrote:
> > Given this, does anyone see any DNS security and/or stability concerns
> > if a miracle were to happen and the root were to be signed tomorrow?
>
> Well,it will introduce a lot of large RRs, which may cause problems.
>
> No, it won't. As David already pointed out, people not interested won't
> set the DO bit so won't ask for DNSSEC.
I'm talking about people who have, foolishly enough, interested in
DNSSEC and asked for DNSSEC information sometimes in vain.
And, the result is the instability.
> Also, a well behavng resolver
> has way less request to the root servers then to other servers.
Why, do you think, that servers other than the root servers won't
reply with oversized messages?
Masataka Ohta
PS
Thank you and David for being a example of people blindly requesting
for DNSSEC without understanding its so obvious negative effects, in
addition to not so obvious lack of its positive effects.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
