Content Deep Dive
Economical With The Truth: Making DNSSEC Answers Cheap
Blog post from Cloudflare
Post Details
Company
Date Published
Author
Dani Grant
Word Count
2,367
Company Posts That Month
Language
English
Hacker News Points
-
Source URL
Summary
Cloudflare has implemented a unique approach to handling negative answers in DNSSEC by using "black lies" and the "DNS shotgun." This method reduces compute cost and helps keep packet size small, allowing them to provide DNSSEC for free for any domain. The technique involves returning false previous and next names in NXDOMAIN responses and setting all types in NODATA responses, which ensures compliance with existing standards while minimizing the need for database lookups or precomputation of dynamic answers.
Trends Found in this Post
No tracked trend matches for this post yet.