On 13. 04. 21 18:40, Viktor Dukhovni wrote:
- With NSEC you benefit from aggressive negative caching reducing
query load on your authoritative server.
Tiny detail: NSEC3 without opt-out also allows aggressive caching with
the same benefits but it's less common. (so NSEC does give advantage there)
Tony> Maybe use NSEC3 if you have a stunt DNS server like Cloudflare's that is
able to generate narrow NSEC3 denials
I think even for online minimal responses, NSEC will be a slightly
better choice. (Cloudflare are such an example)
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
