Re: Q-03: inclusion of KEY records in additional records section
On Thursday 24 April 2003 01:44 am, Paul Vixie wrote:
> > Listed below in order of frequency of inclusion of KEY RRset
> > in additional section:
> > 1. Always include covering KEY
> > 2. Include covering KEY on referral only
> > 3. Never
> > Please express preference on which rule to pick, and why.
>
> #3. the time the KEY is needed is the first time a validator sees a SIG
> with that keyname. there is no way for a server to know when that's
> occurring. including it every time the SIG is exposed (as in #1 above)
> would waste resources. including it only in the case of a referral (#2
> above) misses the target since the next key the validator will need is
> in the child zone and won't be the one you're including.
Would choosing option #1 waste resources that are important? I can see how
it will make response sizes larger, but so what? Bandwidth gets cheaper
over time, and DNS is already a near insignificant portion of overall IP
traffic. What other resources does this waste?
Choosing #3 forces more round trips. Network latency has a fixed upper
limit. Of course, more round trips do not necessarily mean more latency
on the query as a whole, as clients can do parallel queries.
I'm just trying to make sure that we are optimizing the right thing here.
> > Should inability to include one or both of the KEY RRsets cause the
> > TC bit to be set ? (RFC2535 said no)
>
> no.
If this remains true, then option #1 would effectively be an unenforceable
recommendation.
--
David Blacka <davidb@verisignlabs.com>
Sr. Engineer Verisign Applied Research