[nsd-users] NSD TCP performance
Jaap Akkerhuis
jaap at NLnetLabs.nl
Fri Nov 9 18:46:58 UTC 2007
On Fri, Nov 09, 2007 at 12:06:20PM -0500, nsd at dclg.ca wrote:
> I'd like to have a look at this patch. Maybe the patch can be worked
> ina more acceptable manner. My client is very concerned about TCP
> performance because of DNSSEC being on the horizon.
Of course, TCP isn't maybe the only way DNSSEC will get responses,
The preferred way is to use EDNS0. If I remember correctly, it is a
requirement for DNSSEC (rfc 3226).
but it's a concern for sure. It also seems that this TCP issue
is a DoS waiting to happen, since it imposes rather more overhead,
AFAICT.
Yes, in general TCP connections take up more resources. That's
one of the motivations for ENDS0.
jaap
More information about the nsd-users
mailing list