Stephane Bortzmeyer wrote:
> On Wed, Sep 02, 2015 at 08:28:10AM +1000,
> Mark Andrews <ma...@isc.org> wrote:
>
>> ...
>>
>> 1. Recommend *every* recursive server holds a copy of the root zone.
>
> The problem is more general than that. It is not only the root (well,
> the sniffers along the path to the root name servers), it is a
> recursive-to-authoritative problem. Your solution does not work for
> .com or even .fr.

right. however, if tcp-fastopen and tls are used for the server-to-server traffic (cache misses), the ~30M recursives could each have a permanently nailed-up TCP session to the ~10M authoritatives. i don't love the resulting state load, but it would secure the top of the flow.

--
Paul Vixie

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop