At Thu, 15 Jan 2015 11:13:10 +0100, Matthijs Mekking <matth...@pletterpet.nl> wrote:
> IXFR with DNSSEC is suddenly not so small anymore. Do you recognize > this? Olafur and I have some ideas on keeping those zone transfers > small. Your feedback is appreciated. > > http://www.ietf.org/internet-drafts/draft-mekking-mixfr-01.txt I see the motivation, and the proposed approach of MIXFR may make sense. But, just like for any kind of optimization ideas, I would wonder whether this could be a premature one. Do you have any measurement of the effect of this idea? On the draft text (also related to this higher level point): The goal of this proposal is to allow small changes to be communicated over UDP, and remove as much redundant information from the zone transfer as possible. We still need to send new RRSIGs, and since the main concern is the size of them (whether they are to be removed or added), I guess sending a non-negligible number of RRSIGs could easily require TCP, even if we can omit a half of them. So I'm not sure how often we can avoid falling back to TCP (M)IXFR thanks to this in practice. Again, some actual measurement or at least a quantitative analysis may help. Regarding Section 5 (IXFR Gone Wild: Even more optimized transfers): if we go this far, I wonder whether we might just use generic and more efficient compression and exchange compressed data. -- JINMEI, Tatuya _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop