On Mon, Jan 5, 2009 at 5:57 PM, Jim <k0...@arrl.net> wrote: > While testing our DNSSEC signing product, I found that the expense of > signing with NSEC3 versus NSEC was very data dependent. In TLD type > zones with a sparse number of records that needed to be signed, > signing time could be reduced from hours to minutes by specifying > NSEC3. The resultant data files were much smaller than those signed > with NSEC.
This is presumably a result of OPT-IN and as more child zones are signed the effect will be less marked. Brett _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
