On Jan 16, 2015, at 7:51 AM, Olafur Gudmundsson <o...@ogud.com> wrote: >> On Jan 15, 2015, at 1:33 PM, 神明達哉 <jin...@wide.ad.jp> wrote: >> > Jinmei, > thank you for your good comments. > >> At Thu, 15 Jan 2015 11:13:10 +0100, >> Matthijs Mekking <matth...@pletterpet.nl> wrote: >> >>> IXFR with DNSSEC is suddenly not so small anymore. Do you recognize >>> this? Olafur and I have some ideas on keeping those zone transfers >>> small. Your feedback is appreciated. >>> >>> http://www.ietf.org/internet-drafts/draft-mekking-mixfr-01.txt >> >> I see the motivation, and the proposed approach of MIXFR may make >> sense. But, just like for any kind of optimization ideas, I would >> wonder whether this could be a premature one. Do you have any >> measurement of the effect of this idea? > > This is a real good point, I would hope we (or others) have some > information on that before we standardize, right now this just an idea to > discuss. > The quick back of the envelope calculations say 30-45% for DNSSEC signed > zones, that are just > being resigned. The milage on other operations my differ. > > This begs the question what is the best way to measure?
Indeed. We can look at zones and measure, but not all zones use IXFR to update. Some zones don't use IXFR, but instead use other protocols to move the DNS RRs as data. One person said their zones use rsync-of-small-files because it is just as fast and yet is much easier to implement and monitor. Whatever measurements are done, they should be done on zones that are known to use IXFR. > I have a much more radical zone transfer proposal in the works that is over > persistent TCP > connections and that is ripe for secured and compressed transmission. That is not "radical" for zone admins who are already doing it. :-) --Paul Hoffman _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
