Peter van Dijk <peter.van.d...@powerdns.com> wrote:
> > https://datatracker.ietf.org/doc/draft-ietf-dnsop-ns-revalidation/
>
> As I understand the draft, the revalidation can happen in parallel to
> the actual query the user is waiting for. Any setup/discovery of secure
> transports would have to happen before that, so I'm not sure we can say
> 'on top of delegation revalidation, TLSA lookups are basically free'.

Yes, this still needs to be thought through more carefully, and measured
in the real world. There are at least a couple of issues that worry me:

  * Exactly how bad is the extra latency?

  * How bad / avoidable are the lurking interop traps?

Likely at least two flavours of the latter: due to asking for TLSA, or due
to deeper iterative resolution into the nameserver's name's zone.

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
Lough Foyle to Carlingford Lough: Southwest 6 to gale 8, veering northwest 7
to severe gale 9, increasing storm 10 for a time in North Channel, decreasing
3 to 5 later. Moderate or rough, becoming rough or very rough, occasionally
high for a time in north. Squally showers. Moderate or good, occasionally
poor.