> From: Olafur Gudmundsson <[email protected]> > Your calculations on the amplification are good illustration, but assume that > the resolvers use > the parental provided NS set, not the child side provided NS set. > In the case of google.co.jp. > JP side NS has TTL of 1 day but google.co.jp side has is 96 hours (4 days) > Unbound resolver has by default of MaxTTL 1 day thus it does not matter in > the case of google.co.jp > which NS set is stored, but other resolvers do different things.
Thanks. Some domain names use shorter NS TTL values. > In short I think the simple conclusion is > "signed domain will see increased DS traffic for unsigned child domains" Agree. I would like to know whether the increase of DS queries are observed commonly or not. (with small NCACHE TTL value) -- Kazunori Fujiwara, JPRS <[email protected]> _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
