[dns-operations] DNSSEC impact on applications was Re: security-aware stub resolver
fw at deneb.enyo.de
Tue May 27 21:09:34 UTC 2008
* Wes Hardaker:
> - For small applications, most don't do a huge amount of lookups (wget,
> pine, etc)
As usual, it might be an issue with short-running processes. Each one
would need to populate its application cache with the keys starting from
the root and carry out a few RSA operations. Especially the round-trips
for fetching the key material might add a noticeable delay (compared to
the actual download if the server is local, but the DNS cache is not).
I think a system-wide cache is much more reasonable. It's also easier
to diagnose due to centralized logging.
More information about the dns-operations