On 25 Feb 2016, at 10:32, Ted Lemon wrote:
An additional point about this: the case where the cheese shop
solution works is really the case where large service provider DNS
caches do the aggressive caching. In this case we can get the same
benefit without DNSSEC by simply keeping a complete copy of the root
zone at the DNS cache. This adds a small operational complexity in
keeping that copy up to date, but eliminates the implementation
complexity of the cheese shop or fullly aggressive NSEC cache.
So why isn't that a better way to address this problem?
Saying "without DNSSEC" doesn't seem like a better way to address any
problem...
--Paul Hoffman
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
