[dns-operations] DNSSEC impact on applications was Re: security-aware stub resolver

Matthew Pounsett matt.pounsett at cira.ca
Tue May 27 15:29:36 UTC 2008

On 27-May-2008, at 10:50 , David Conrad wrote:

> OK.  But the concern is with "duplicated backbone and authority server
> traffic".

I think some people are making the assumption that a validating cache  
which replaces a stub resolver would still always talk to the same  
local cache(s) that the stub resolver did.  So any responses that need  
to be validated could be obtained from that intermediate cache, rather  
than directly from the authoritative servers.  In that scenario the  
authoritative servers would see exactly the same traffic that they'd  
see with a stub resolver in place.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20080527/415a6172/attachment.sig>

More information about the dns-operations mailing list