Moin!

On 17 Dec 2016, at 20:25, David Conrad wrote:

> I presume NSEC Aggressive Use will significantly reduce the amount of
> crap hitting the root servers.

There are other ways of reducing the crap to the root servers (RFC
7706). I don't think NSEC Aggressive use will reduce crap a lot as, if I
remember correctly from Geoff Huston's last presentation, still around
80% of the resolvers don't use DNSSEC and thus can't even implement NSEC
Aggressive use.

However, I don't think that the root servers are the problem if the end
devices switch to recursing themselves. They are diverse enough and I
assume the operators there have ways to increase capacity in a relatively
short time frame. A lot of the authoritative infrastructure down the
tree just isn't ready to take the increase in traffic if we switch to an
all-endpoints-recurse architecture.

I look at a lot of recursive server farms and the cache hit rates there
are always >90% and in the mobile space usually >96%. So if we take
these numbers, that would mean a 10-fold to 25-fold increase of traffic
to the authoritative DNS infrastructure, and that doesn't even take into
account that a lot of cache hits result from someone else refreshing the
cache or keeping it active.

I personally agree with Ted that recursive caches are a good thing and
that we are not ready to switch to an end-device-recurses architecture.
Sure, there are a couple of Linux boxes out there that recurse themselves
or even a couple of CPEs that do that (most though just do forwarding to
the ISP resolver), but that is nothing compared to the billions of phones
or IoT devices on the net.

So long
-Ralf
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop