On Tue, Apr 8, 2014 at 6:50 PM, Mark Andrews <[email protected]> wrote: > In message <[email protected]>, Viktor Dukhovni > writes: >> For me doing it in application, means costly integration of complex >> code into the application that will add considerable latency because >> the application will have a cold DNSSEC cache (and will now need >> a cache where one was not needed before... The Plan-9 approach of >> moving security features into system services is I think far >> preferable. > > What latency? This is the output of delve (see BIND 9.10) which > is a is standalone stub validator talking to a local validating resolver > doing a full validation from the root. This uses exactly the same > code that named uses to validate its answers. The only difference > is a slightly different cache implementation is used. > > 28.321 - 28.298 = 00.023 > > from start to finish.
23ms is a lot in some contexts... Single run performance numbers are not that enough. The more interesting question is how the system performs under load with and without a local caching validating server. Nico -- _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
