On 27. 01. 26 15:07, Wes Hardaker wrote:
Mark Andrews <[email protected]> writes:
Whether IXFR is useful or not depends on how the zone is
signed. Incrementally as records are updated or if the zone is fully
resigned on every update. The server for the zone can determine if the
IXFR delta response would be bigger than the AXFR style response
a. Servers already switch style of response based on expected
transmission size.
True. And frequent small signing events of small record sets, like some
automated DNS signers do, means that lots of IXFRs may indeed be
helpful.
That's not the case for the root though.
Are we designing generic protocol, or a workaround based on existing
state of things? I'm not aware of a fundamental reason why root cannot
be resigned incrementally.
Doing smaller changes would even help the HTTP distribution case if we
cared enough to use a delta-transfer mechanism.
--
Petr Špaček
_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
