I wouldn't be opposed to this in principle -- say an RR count field.  

For this to be useful in an unsigned zone then all you need is for the ZONEMD 
(with RR count field) to be received early in the AXFR.  If it is at the end 
then this field doesn't help.

For a signed zone, we'd have to think about whether the ZONEMD record should be 
DNSSEC validated before trusting the RR count field.  If yes then you need the 
signatures and NSEC* records too, so it becomes sort of complex when you'd be 
able to trust and check the RR count.

But it seems to me like this is better suited to be a feature of AXFR in 
general, rather than ZONEMD.

DW


> On Jul 23, 2018, at 10:43 AM, Florian Weimer <f...@deneb.enyo.de> wrote:
> 
> The ZONEMD record should contain a size indicator for the zone,
> something that allows a receiver to stop downloading if it is clear
> that the served zone is too large.  Otherwise, the receiver has to
> download the entire zone before it can determine that the hash does
> not match.
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
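The ordering point made above for an unsigned zone, as an added example that is not part of the original thread: a streaming receiver that stops as soon as it has read more RRs than a ZONEMD record announced. The `rr_count` field is the hypothetical field under discussion and exists in no specification; the counting convention (every RR up to, but not including, the closing SOA) and the helper names are assumptions, and no DNSSEC validation is modelled.

```python
from typing import Iterable, List, NamedTuple, Optional


class RR(NamedTuple):
    name: str
    rtype: str
    rdata: str
    rr_count: Optional[int] = None  # hypothetical ZONEMD field (assumption)


class Result(NamedTuple):
    status: str    # "complete", "aborted", "count-mismatch" or "truncated"
    received: int  # RRs read from the stream before the receiver stopped


def receive_axfr(stream: Iterable[RR]) -> Result:
    """Consume an AXFR-like stream, enforcing rr_count once a ZONEMD is seen."""
    declared: Optional[int] = None
    received = 0
    for rr in stream:
        if rr.rtype == "SOA" and received > 0:
            # Closing SOA: the transfer is over, so compare the final count.
            if declared is not None and received != declared:
                return Result("count-mismatch", received)
            return Result("complete", received)
        received += 1
        if rr.rtype == "ZONEMD" and rr.rr_count is not None:
            declared = rr.rr_count
        # The early exit is only possible after the ZONEMD has arrived.
        if declared is not None and received > declared:
            return Result("aborted", received)
    return Result("truncated", received)


def build_zone(n_hosts: int, declared: int, zonemd_early: bool) -> List[RR]:
    """Constructed sample zone: SOA, one ZONEMD, n_hosts A records, SOA."""
    soa = RR("example.", "SOA", "ns1.example. hostmaster.example. 1 3600 600 86400 300")
    zonemd = RR("example.", "ZONEMD", "<digest placeholder>", rr_count=declared)
    hosts = [RR(f"h{i}.example.", "A", "192.0.2.1") for i in range(n_hosts)]
    body = [zonemd] + hosts if zonemd_early else hosts + [zonemd]
    return [soa] + body + [soa]


if __name__ == "__main__":
    # Oversized zone (1002 RRs) that claims to hold 12 RRs.
    print("ZONEMD early:", receive_axfr(build_zone(1000, 12, True)))
    print("ZONEMD late: ", receive_axfr(build_zone(1000, 12, False)))
```

With the ZONEMD placed right after the opening SOA the receiver stops after 13 RRs; with the ZONEMD at the end it has already read all 1002 RRs before the count is known.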
