On Fri, 3 Sep 2021, Alexander Mayrhofer wrote:

> In some deployments of larger (e.g. TLD), in-memory zone size on the
> authoritative servers is a significant issue, particularly if the
> total memory size required is multiplied by hundreds of anycast nodes.

Why would you calculate the cost of memory across many independent
nodes? That seems to become a financial rather than technical issue.

> Opt-out for such zones with sparse DNSSEC deployment can make a big
> operational / cost difference there. Maybe that aspect should be
> included in the document.

I myself think we have reached the point where memory on nodes is so
cheap, it is not worth the security degradation to use opt-out.

I guess with aggressive NSEC, you might even gain some CPU cycles back
for that extra memory used, and receive fewer queries too? Saving you
some money?

Paul

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
