[dns-operations] 答复: How .org name server handle large DNS response?
Peter van Dijk
peter.van.dijk at powerdns.com
Sat Dec 22 22:17:42 UTC 2018
On 21 Dec 2018, at 9:38, Davey Song wrote:
>> 1. Eliminate unnecessary DNSKEY RRSIGs, one (just by the active
>> KSK)
>> is enough (c.f. .com), but .org sends three, two KSK
>> signatures and
>> even one ZSK signature. Perhaps there's a good reason for
>> this, but
>> it would be good to find a more svelte design.
>
> I guess the reason may be described in
> https://tools.ietf.org/html/draft-huque-dnsop-multi-provider-dnssec-03#section-2.2.2
Maybe somebody from .org can weigh in here, but it seems extremely
unlikely to me that that is the reason.
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
More information about the dns-operations
mailing list