I won't be arguing for or against MBA as I haven't read the proposal yet. Just some points about DNS:

On 2004-05-28 10:13:19 -0700, William Leibzon wrote:
> On Fri, 28 May 2004, Everton da Silva Marques wrote:
> > > (so TTL will have to be kept very low and
> > > caching is not possible, which is the main advantage
> > > of the DNS protocol)
> >
> > TTL won't have to be kept low, as the RRs aren't
> > updated once published,
> That is not correct, the zone itself needs to be updated with every
> message that passed through. This requires a very, very low TTL.

Why? The TTL of existing records has nothing to do with the rate at which new records can be added.

> > > large and that creates problems with
> > > DNSSec. This system is completely unusable for
> > > any large company.
> >
> > Can we define large company in numbers? How about 100 msg/s outbound
> > rate per senderdomain/server pair?
> I was thinking larger, but let's take the 100 msg/second example if you wish.
> While many messages will pass from one server to another quickly, the standard
> is to retry delivery on failed nodes for up to 5 days, and since you don't
> know if the end-user MTA is directly connected or not, nor do you know how many
> extra nodes the message would go through, you will have to keep this data
> for at least 5 days as well.
> So we have:
> 1. Necessity to update the DNS zone 100 times per second
> 2. Necessity to keep 100*60(1 min)*60(1 hour)*24(1 day)*5=43,200,000
>    (that is 43 million) records in one DNS zone file
> 3. Each record requires about 100 extra bytes (as from your example) in the
>    DNS zone; based on the above, the size of the zone file will grow up to
>    5GB. That is far too large to allow it to be transmitted
>    through DNSSec

Why does it have to be transmitted through DNSSec? Does it have to be transmitted in one piece at all?

Obviously you wouldn't implement a zone with 43 million records with BIND and flat ASCII zone files. You would use some kind of database which allows easy addition and deletion of records and have the DNS server access the database. Replicating the database to secondary DNS servers would then be done using the replication mechanisms of the database, not those of DNS.

	hp

-- 
   _  | Peter J. Holzer    | I think we need two definitions:
|_|_) | Sysadmin WSR       | 1) The problem the *users* want us to solve
| |   | hjp at hjp.at      | 2) The problem our solution addresses.
__/   | http://www.hjp.at/ |    -- Phillip Hallam-Baker on spam
_______________________________________________ Asrg mailing list Asrg at ietf.org https://www1.ietf.org/mailman/listinfo/asrg
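The database-backed approach Peter sketches at the end of his reply, as an added example that is not part of the thread: a write-once store of per-message records in SQLite, queried by name with a constant served TTL (so the TTL is unrelated to how fast records arrive) and pruned only after the 5-day retry window William raises. The owner-name layout `<msg-id>._msg.<senderdomain>`, the placeholder rdata, and the class and function names are assumptions of this example, not anything the proposal or the thread defines.

```python
"""
Constructed example: a database-backed store for per-message DNS records.
Records are added continuously, never updated, served with a fixed TTL,
and deleted once the retry window has passed. Nothing here is from the
MBA proposal; the naming scheme and rdata format are placeholders.
"""
import sqlite3

RECORD_TTL = 3600                   # TTL handed to resolvers; unrelated to insert rate
RETENTION_SECONDS = 5 * 24 * 3600   # keep a record as long as MTAs may still retry (5 days)


def required_records(msgs_per_second, retention_days=5):
    """Steady-state record count when every message's record is kept for
    the whole retry window (the 100 msg/s, 5 day figure from the thread)."""
    return msgs_per_second * 60 * 60 * 24 * retention_days


class MessageRecordStore:
    """Authoritative data kept in SQLite instead of a flat zone file.

    A DNS front end (not shown) would answer queries by calling lookup();
    secondaries would receive the same table through database replication
    rather than through AXFR/IXFR of a zone file.
    """

    def __init__(self, sender_domain):
        self.sender_domain = sender_domain
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE rr ("
            " name TEXT PRIMARY KEY,"
            " rdata TEXT NOT NULL,"
            " published INTEGER NOT NULL)"
        )
        self.db.execute("CREATE INDEX rr_published ON rr (published)")

    def name_for(self, msg_id):
        # Hypothetical naming convention: one owner name per message.
        return f"{msg_id}._msg.{self.sender_domain}"

    def publish(self, msg_id, rdata, now):
        """Add the record for one outbound message. Returns False if it was
        already published: records are write-once and never updated."""
        cur = self.db.execute(
            "INSERT OR IGNORE INTO rr (name, rdata, published) VALUES (?, ?, ?)",
            (self.name_for(msg_id), rdata, int(now)),
        )
        return cur.rowcount == 1

    def lookup(self, name, now):
        """Answer a query with (rdata, ttl), or None. The TTL is a constant
        chosen for cacheability; it does not shrink because the zone is busy."""
        row = self.db.execute(
            "SELECT rdata, published FROM rr WHERE name = ?", (name,)
        ).fetchone()
        if row is None or int(now) - row[1] > RETENTION_SECONDS:
            return None
        return row[0], RECORD_TTL

    def expire(self, now):
        """Delete records older than the retry window; returns how many."""
        cur = self.db.execute(
            "DELETE FROM rr WHERE published < ?", (int(now) - RETENTION_SECONDS,)
        )
        return cur.rowcount

    def count(self):
        return self.db.execute("SELECT COUNT(*) FROM rr").fetchone()[0]


def demo():
    """Publish a burst of records at t0, serve one, then age the store past
    the retention window. Returns the observable values in order."""
    store = MessageRecordStore("example.com")
    t0 = 1_000_000
    inserted = sum(store.publish(f"m{i}", f"id={i}", t0) for i in range(1000))
    duplicate = store.publish("m0", "changed", t0 + 1)        # ignored: write-once
    hit = store.lookup(store.name_for("m42"), t0 + 60)        # ("id=42", 3600)
    removed = store.expire(t0 + RETENTION_SECONDS + 1)        # all 1000 go
    miss = store.lookup(store.name_for("m42"), t0 + RETENTION_SECONDS + 1)
    return inserted, duplicate, hit, removed, miss, store.count()


if __name__ == "__main__":
    print("records at 100 msg/s over 5 days:", required_records(100))
    print(demo())
```

The point the code makes concrete is the one Peter raises: the zone's churn rate shows up only in how often `publish()` and `expire()` run, while every answer from `lookup()` carries the same cacheable TTL. A real deployment would front this with a DNS server that can read from a database backend and would replicate the table rather than ship a multi-gigabyte zone file.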