Just to be clear, I think it's quite reasonable to encourage people to put
tokens at _name but I still see it as a matter of taste, not a technical
issue.
On Mon, 17 Jul 2023, Brian Dickson wrote:
> TCP being triggered on resolver-auth is much more of a concern, particularly
> when the underlying cause (large RRsets) is preventable.
I take your point, but we're not talking about a lot of traffic. If any
particular token is checked as often as once a day, that's a lot. At what
scale does the TCP traffic become an issue?
>> The only somewhat plausible argument I see against stuffing the apex is
>> that if people are sloppy, they might invent tokens that could be confused
>> with each other.
> The technical term would be "collision" rather than "confusion".
> One harm of collision is the impact on automation. Whether at the apex or
> in underscore prefixes, the collision "space" suffers from the "birthday
> paradox" scaling problem.
The birthday paradox is relevant if you only have 366 birthdays, but not
if people are using 20 character identifier strings which give you a
10^25 point name space. (See the Cisco TXT records in my previous
message.) This is an aesthetic preference, not a technical one.
Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop