Economical With The Truth: Making DNSSEC Answers Cheap
Cloudflare has implemented a unique approach to handling negative answers in DNSSEC by using "black lies" and the "DNS shotgun." This method reduces compute cost and helps keep packet size small, allowing them to provide DNSSEC for free for any domain. The technique involves returning false previous and next names in NXDOMAIN responses and setting all types in NODATA responses, which ensures compliance with existing standards while minimizing the need for database lookups or precomputation of dynamic answers.
Company
Cloudflare
Date published
June 24, 2016
Author(s)
Dani Grant
Word count
2367
Language
English
Hacker News points
None found.