[dns-operations] DNSSEC impact on applications was Re: security-aware stub resolver

Florian Weimer fw at deneb.enyo.de
Tue May 27 21:09:34 UTC 2008

* Wes Hardaker:

> - For small applications, most don't do a huge amount of lookups (wget,
>   pine, etc)

As usual, it might be an issue with short-running processes.  Each one
would need to populate its application cache with the keys starting from
the root and carry out a few RSA operations.  Especially the round-trips
for fetching the key material might add a noticeable delay (compared to
the actual download if the server is local, but the DNS cache is not).

I think a system-wide cache is much more reasonable.  It's also easier
to diagnose due to centralized logging.

More information about the dns-operations mailing list