On 15-01-15 19:33, 神明達哉 wrote:
> At Thu, 15 Jan 2015 11:13:10 +0100,
> Matthijs Mekking <matth...@pletterpet.nl> wrote:
> 
>> IXFR with DNSSEC is suddenly not so small anymore. Do you recognize
>> this? Olafur and I have some ideas on keeping those zone transfers
>> small. Your feedback is appreciated.
>>
>>   http://www.ietf.org/internet-drafts/draft-mekking-mixfr-01.txt
> 
> I see the motivation, and the proposed approach of MIXFR may make
> sense.  But, just like for any kind of optimization ideas, I would
> wonder whether this could be a premature one.  Do you have any
> measurement of the effect of this idea?

Not yet, but it is on my wish list to investigate this more and measure
some use cases. My idea here is to look at TLDs, since those are large
and dynamic zones.


> On the draft text (also related to this higher level point):
> 
>    The goal of this proposal is to allow small changes to be
>    communicated over UDP, and remove as much redundant information from
>    the zone transfer as possible.
> 
> We still need to send new RRSIGs, and since the main concern is the
> size of them (whether they are to be removed or added), I guess
> sending a non-negligible number of RRSIGs could easily require TCP,

We would always have to send new RRSIGs, I can't really see how we could
live without?


> even if we can omit a half of them.  So I'm not sure how often we can
> avoid falling back to TCP (M)IXFR thanks to this in practice.  Again,
> some actual measurement or at least a quantitative analysis may help.
> 
> Regarding Section 5 (IXFR Gone Wild: Even more optimized transfers):
> if we go this far, I wonder whether we might just use generic and more
> efficient compression and exchange compressed data.

I think reusing the current format of the protocol aids deployability.
If we are indeed going this far and introduce a new transfer format I
indeed believe we could very well end up with a more generic compression
solution.

Thanks,
  Matthijs


> 
> --
> JINMEI, Tatuya
> 

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to