Quantifying DNSSEC Overhead
January 14 2010 by 
Cricket Liu (Infoblox)
I realized last week that I'd never actually traced all the queries sent and responses received by a recursive name server resolving a domain name in a zone signed with DNSSEC. I decided to trace the recursive resolution of an RRset in a signed top-level domain, since I wanted to see the "chain of trust" in action. I knew .org was signed and figured isc.org (the Internet Systems Consortium's domain) would probably already have a DS (Delegation Signer) record.
Posted in DNSSEC | BIND | 
13 comments
