[dns-operations] Re: How .org name server handle large DNS response?

Davey Song(宋林健) ljsong at biigroup.cn
Fri Dec 21 08:38:03 UTC 2018


Hi,

>     1. Eliminate unnecessary DNSKEY RRSIGs, one (just by the active KSK)
>        is enough (c.f. .com), but .org sends three, two KSK signatures and
>        even one ZSK signature.  Perhaps there's a good reason for this, but
>        it would be good to find a more svelte design.

I guess the reason may be described in https://tools.ietf.org/html/draft-huque-dnsop-multi-provider-dnssec-03#section-2.2.2 

Davey





