I presume NSEC Aggressive Use will significantly reduce the amount of crap hitting the root servers.
Given how much capacity the root servers already have to provision to deal with that crap, I don't think a massive increase in legitimate (NSEC Aggressive Use-implementing) resolvers will move the needle significantly. Regards, -drc > On Dec 15, 2016, at 1:00 PM, Ted Lemon <mel...@fugue.com> wrote: > > Billions and billions of them? How often do they query the root, do you > think, compared to a stub resolver that did recursion itself? > > On Thu, Dec 15, 2016 at 3:57 PM, John R Levine <jo...@taugh.com > <mailto:jo...@taugh.com>> wrote: > Putting an iterative resolver in a stub resolver is an attack on the DNS > infrastructure. > > Ted might want to alert all of the BSD and linux distros that default to > running a copy of bind or unbound answering queries on 127.0.0.1. > > Regards, > John Levine, jo...@taugh.com <mailto:jo...@taugh.com>, Taughannock Networks, > Trumansburg NY > Please consider the environment before reading this e-mail. https://jl.ly > <https://jl.ly/> > > _______________________________________________ > homenet mailing list > home...@ietf.org <mailto:home...@ietf.org> > https://www.ietf.org/mailman/listinfo/homenet > <https://www.ietf.org/mailman/listinfo/homenet> > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop Regards, -drc (speaking only for myself)
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
