At Thu, 15 Jan 2015 11:13:10 +0100,
Matthijs Mekking <matth...@pletterpet.nl> wrote:

> IXFR with DNSSEC is suddenly not so small anymore. Do you recognize
> this? Olafur and I have some ideas on keeping those zone transfers
> small. Your feedback is appreciated.
>
>   http://www.ietf.org/internet-drafts/draft-mekking-mixfr-01.txt

I see the motivation, and the proposed approach of MIXFR may make
sense.  But, just like for any kind of optimization ideas, I would
wonder whether this could be a premature one.  Do you have any
measurement of the effect of this idea?

On the draft text (also related to this higher level point):

   The goal of this proposal is to allow small changes to be
   communicated over UDP, and remove as much redundant information from
   the zone transfer as possible.

We still need to send new RRSIGs, and since the main concern is the
size of them (whether they are to be removed or added), I guess
sending a non-negligible number of RRSIGs could easily require TCP,
even if we can omit a half of them.  So I'm not sure how often we can
avoid falling back to TCP (M)IXFR thanks to this in practice.  Again,
some actual measurement or at least a quantitative analysis may help.

Regarding Section 5 (IXFR Gone Wild: Even more optimized transfers):
if we go this far, I wonder whether we might just use generic and more
efficient compression and exchange compressed data.

--
JINMEI, Tatuya

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to