Paul Hoffman wrote: > On Jul 9, 2014, at 11:15 AM, Paul Vixie <p...@redbarn.org> wrote: > >> Paul Hoffman wrote: >>> ... >>> Apologies, but that doesn't answer the question. In the face of lack of >>> resistance to DDoS attacks, why is it better to have more *authoritative* >>> root servers, as compared to validating recursive resolvers that have an >>> up-to-date signed copy of the root? Similarly, for purely local >>> communication, why is it better to have more *authoritative* root servers? >>> The last sentence above makes good sense, but it too is not related to the >>> number authoritative servers. >>> >> my comparison of the recursive vs authoritative approach to scaling root >> name service was given in the attached e-mail. --vix > > I'll take that as a "no" to you having answers to the questions about why it > is better to have the additional servers be authoritative.
i don't know how to state the case more clearly. my answer is not "no" as you surmise. the cost of the recursive solution is high and the benefit low. the cost of the authoritative solution is low and the benefit high. if you consider the number of operators involved, their skill and motivation levels, and the number of affected end users -- in each case -- you should be able to reason your way to the same conclusion. vixie
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
