On Sat, Jan 23, 2010 at 08:00:17PM -0500, Matt Larson wrote:
> On Fri, 22 Jan 2010, Paul Wouters wrote:
> > On Fri, 22 Jan 2010, Alex Bligh wrote:
> >> I meant computational resource requirements resultant from crypto
> >> operations, not algorithmic complexity.
> >
> > I had no problems doing this on a 1.2M domains TLD zone, using off the
> > shelf hardware, integrating into the TLD's hourly update interval.
> > (http://www.cira.ca/dnssec/)
>
> Try 100M delegations, updated every 15 seconds, and sending the
> resulting large non-Opt-out zone to places with poor connectivity such
> as Nairobi, Kenya.
>
> Arguments such as "I did it on once on commodity hardware with freely
> available tools" or "you can implement that in an afternoon" do not
> transfer well to large, critically important TLDs (or any large-scale,
> critical service).
>
> Matt
to be honest, there are a few more delegation points that fit the
1.xM domains using cots technology than there are delegations that
have delegations with 100M+ entries and running dynamic udates.
on more than one occasion (perhaps first at the IETF in SLC) I have
heard folks who would like the business model of such a delegation
refer to it as "a goiter on the neck of the DNS" in envy.
--bill
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
