On 11/18/21 3:14 AM, Mark Elkins wrote:
With IPv6 - you might want to use NSEC3 - as there can be huge holes in the reverse zone. Make the bad guy work at guessing what is in the zone.

Be mindful of current efforts for minimizing NSEC3 rounds / iterations which purportedly have a diminishing RoI for higher counts.



--
Grant. . . .
unix || die

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to