On Thu, Feb 25, 2016 at 1:36 PM, Paul Hoffman <[email protected]> wrote:
> On 25 Feb 2016, at 10:32, Ted Lemon wrote: > > An additional point about this: the case where the cheese shop solution >> works is really the case where large service provider DNS caches do the >> aggressive caching. In this case we can get the same benefit without >> DNSSEC by simply keeping a complete copy of the root zone at the DNS >> cache. This adds a small operational complexity in keeping that copy up >> to date, but eliminates the implementation complexity of the cheese shop or >> fullly aggressive NSEC cache. >> >> So why isn't that a better way to address this problem? >> > > Saying "without DNSSEC" doesn't seem like a better way to address any > problem... > "without adding more code that has to deal with the complexity of DNSSEC NSEC records" DNSSEC will still be in use, but we don't need any new code to do a local copy of root. -- Bob Harold
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
