> On 18 Dec 2016, at 15:11, Ralf Weber <d...@fl1ger.de> wrote: > > There are other ways of reducing the crap to the root servers (RFC 7706). I > don't think NSEC Agressive use will reduce crap a lot as if I remember > correctly from Geoff Houstons last presentation still around 80% of the > resolver don't use DNSSEC and thus even can't implement NSEC Aggressive use.
First, apologies for a meaningful and relevant Subject: header. :-) Ralf, it’s not a question of how many resolving servers do and don’t use DNSSEC. It’s a question of how many clients that are behind them. ISTR Geoff saying that quite a large proportion of the Internet relies on google’s or Comcast’s resolving servers. So if they were to deploy NSEC Aggressive Use, it should significantly reduce the crap query traffic going to the root. That said, it would be good to get some data on this or model it somehow, say by using the DITL datasets. Any volunteers? _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
