I presume NSEC Aggressive Use will significantly reduce the amount of crap hitting the root servers.
Given how much capacity the root servers already have to provision to deal with that crap, I don't think a massive increase in legitimate (NSEC Aggressive Use-implementing) resolvers will move the needle significantly. Regards, -drc > On Dec 15, 2016, at 1:00 PM, Ted Lemon <[email protected]> wrote: > > Billions and billions of them? How often do they query the root, do you > think, compared to a stub resolver that did recursion itself? > > On Thu, Dec 15, 2016 at 3:57 PM, John R Levine <[email protected] > <mailto:[email protected]>> wrote: > Putting an iterative resolver in a stub resolver is an attack on the DNS > infrastructure. > > Ted might want to alert all of the BSD and linux distros that default to > running a copy of bind or unbound answering queries on 127.0.0.1. > > Regards, > John Levine, [email protected] <mailto:[email protected]>, Taughannock Networks, > Trumansburg NY > Please consider the environment before reading this e-mail. https://jl.ly > <https://jl.ly/> > > _______________________________________________ > homenet mailing list > [email protected] <mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/homenet > <https://www.ietf.org/mailman/listinfo/homenet> > > _______________________________________________ > DNSOP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dnsop Regards, -drc (speaking only for myself)
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
