
Economical With The Truth: Making DNSSEC Answers Cheap

What's this blog post about?

Cloudflare has implemented a unique approach to handling negative answers in DNSSEC by using "black lies" and the "DNS shotgun." These techniques reduce compute cost and help keep packet size small, allowing Cloudflare to provide DNSSEC for free for any domain. They involve returning false previous and next names in NXDOMAIN responses and setting all types in NODATA responses, which ensures compliance with existing standards while minimizing the need for database lookups or precomputation of dynamic answers.

Company
Cloudflare

Date published
June 24, 2016

Author(s)
Dani Grant

Word count
2367

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.