[dns-operations] estimate DNSSEC signing power
sca at andreasschulze.de
Tue Sep 17 17:23:39 UTC 2019
we discuss to DNSSEC sign internal zones. General opponents bring up concerns about signing zones with update rates "up to 100 updates per second"
I like to ask for experience / opinions: Which resources would be required to sign such traffic?
Personally, I understand "up to 100/s" as "once a week we start 100 serves at the same time, sending some DNS updates and this will stress a signer"
But it may also be understand as "100 updates/second 7x24"
I'm aware of .org which I experience as "life signing every new zone". How many new zones/time happen there?
Thanks for your ideas!
More information about the dns-operations