Matthijs Mekking wrote: > IXFR with DNSSEC is suddenly not so small anymore. Do you recognize > this?
That is a problem of DNSSEC and, worse, even with the proposal, neither AXFR nor IXFR won't be so small. So, if the point of the proposal is to make IXFR with DNSSEC small, the proposal is wrong. Even if it is not and something should change, it should be done only after DNSSEC specification stabilizes (e.g. no new NSEC* proposals any more for considerable amount of time and most of NSEC* is obsoleted). > Olafur and I have some ideas on keeping those zone transfers > small. Wrong. With DNSSEC, you can't keep them small. The conventional wisdom widely deployed by many operators is not to use DNSSEC, which is not very secure. Masataka Ohta _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop