Promoting DNSSEC to nay-sayers

Warren Kumari warren at
Fri Sep 29 16:27:55 UTC 2017

On Fri, Sep 29, 2017 at 4:41 AM, Tony Finch <dot at> wrote:
> sthaug at <sthaug at> wrote:
>> > There's a really neat DNSSEC-related improvement on the way: RFC 8198
>> > negative answer synthesis. This should greatly reduce the amount of junk
>> > queries to the root name servers (and other parts of the namespace too).
>> > Should be particularly good for mail servers that deal with amazing
>> > amounts of toxic waste.
>> Which begs the question: Should we expect Joe Average DNS Administrator
>> to care about the amount of junk queries to the root name servers?
> You win from lower latency responses and wasting less RAM on negative
> cache entries.

You also win (IMO, the biggest win) if you are authoritative and have
signed your zone -- if cuts down on the pain you feel from (many of
the current) DoS attacks.


> Tony.
> --
> f.anthony.n.finch  <dot at>  -  I xn--zr8h punycode
> Cromarty, Forth, Tyne, Dogger: South or southwest 5 or 6. Moderate,
> occasionally rough in Cromarty. Rain at first, then showers. Moderate,
> becoming good.
> _______________________________________________
> bind-workers mailing list
> bind-workers at

I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.

More information about the bind-workers mailing list