[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSEC2- and an Authenticated Denial Mechanism Flag

To: namedroppers@ops.ietf.org
Subject: Re: NSEC2- and an Authenticated Denial Mechanism Flag
From: geoff@nominet.org.uk (Geoffrey Sisson)
Date: Wed, 26 May 2004 18:24:32 +0100 (BST)

Jim Reid <jim@rfc1035.com> writes:

>                               For instance, I can understand why DeNIC
> wouldn't want random users to be able to slurp the 1GB or so of the
> .de zone, guzzling bandwidth and needlessly loading the TLD's name
> servers.

The same `random users' which might be interested in `guzzling
bandwidth' with zone transfers will probably also be interested in
using scripts which effect NSEC RR elaboration, with even more
deleterious impact on resource utilisation.  This is of course also
possible with NSEC2 RRs, but will probably be interesting only to a
significantly smaller audience.

Regards

Geoff

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Prev by Date: Re: More on NSEC2 label size and DoS
Next by Date: Re: More on NSEC2 label size and DoS
Previous by thread: NIC-SE statement regarding NSEC zone walking
Next by thread: Re: NSEC2- and an Authenticated Denial Mechanism Flag
Index(es):
- Date
- Thread