[dns-operations] signing a zone with NSEC3 records.

Mark Andrews marka at isc.org
Thu Sep 10 12:36:21 UTC 2009


In message <4AA8ED72.5070707 at nic.cz>, Ondřej Surý writes:
> On 09/10/2009 08:50 AM, Sander Smeenk wrote:
> > Quoting Samuel Weiler (weiler at watson.org):
> >
> > though it does grow your (signed) zonefile significantly.
> 
> Nope.  NSEC3 has opt-out feature which allows you to keep down zonefile 
> size compared to NSEC.

Which only helps if you have a delegation centric zone.  99.9999% of
zones are not delegation centric zones.
 
> Ondrej
> -- 
>   Ondřej Surý
>   vedoucí výzkumu/R&D manager
>   -------------------------------------------
>   CZ.NIC, z.s.p.o.    --    Laboratoře CZ.NIC
>   Americka 23, 120 00 Praha 2, Czech Republic
>   mailto:ondrej.sury at nic.cz    http://nic.cz/
>   tel:+420.222745110       fax:+420.222745112
>   -------------------------------------------

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
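
The opt-out behaviour discussed in this thread, as an added example that is not part of the original message: under RFC 5155 opt-out, only insecure delegations (NS without DS) are left without an NSEC3 RR, so the record count drops only where such delegations dominate. The zone contents, the apex name `example` and all function names are constructed for illustration; the sketch assumes names without a trailing dot and zones without glue.

```python
# Added illustration (not from the thread): which owner names get an NSEC3 RR.
# Assumptions: names are written without a trailing dot, zones hold no glue,
# and the two sample zones below are constructed.

def is_insecure_delegation(name, types, apex):
    """A delegation point (NS below the apex) with no DS record."""
    return name != apex and "NS" in types and "DS" not in types

def nsec3_owners(zone, apex, opt_out):
    """Owner names needing an NSEC3 RR, following RFC 5155 section 7.1."""
    owners = set()
    for name, types in zone.items():
        if opt_out and is_insecure_delegation(name, types, apex):
            continue  # left to an Opt-Out span; no NSEC3 (or RRSIG) of its own
        owners.add(name)
        # Empty non-terminals between this name and the apex need one too.
        labels = name.split(".")
        for i in range(1, len(labels)):
            parent = ".".join(labels[i:])
            if parent == apex:
                break
            owners.add(parent)
    return owners

def nsec3_counts(zone, apex="example"):
    """(NSEC3 RRs without opt-out, NSEC3 RRs with opt-out)."""
    return (len(nsec3_owners(zone, apex, False)),
            len(nsec3_owners(zone, apex, True)))

def delegation_centric(children=1000, signed=10):
    """Constructed TLD-style zone: almost every name is an unsigned delegation."""
    zone = {"example": {"SOA", "NS", "DNSKEY"}}
    for i in range(children):
        zone[f"child{i}.example"] = {"NS", "DS"} if i < signed else {"NS"}
    return zone

def ordinary(hosts=1000, delegations=2):
    """Constructed typical zone: mostly authoritative data, few delegations."""
    zone = {"example": {"SOA", "NS", "DNSKEY"}}
    for i in range(hosts):
        zone[f"host{i}.example"] = {"A"}
    for i in range(delegations):
        zone[f"sub{i}.example"] = {"NS"}
    return zone

if __name__ == "__main__":
    print("delegation-centric:", nsec3_counts(delegation_centric()))
    print("ordinary zone:     ", nsec3_counts(ordinary()))
```

Each NSEC3 RR also carries its own RRSIG, so the owner-name count is a direct proxy for how much the chain adds to the signed zone file.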


