Re: [DNSOP] draft-ietf-dnsop-nsec3-guidance: fresh iteration count stats
Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 04 November 2021 21:58 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A400A3A0C57 for <dnsop@ietfa.amsl.com>; Thu, 4 Nov 2021 14:58:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3jJGbRXo7Ziq for <dnsop@ietfa.amsl.com>; Thu, 4 Nov 2021 14:58:30 -0700 (PDT)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D0673A0C54 for <dnsop@ietf.org>; Thu, 4 Nov 2021 14:58:30 -0700 (PDT)
Received: from smtpclient.apple (unknown [63.88.3.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by straasha.imrryr.org (Postfix) with ESMTPSA id B984FBB118 for <dnsop@ietf.org>; Thu, 4 Nov 2021 17:58:28 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <212058DD-8C52-4934-BFF0-1902B689B657@dukhovni.org>
Date: Thu, 04 Nov 2021 17:58:28 -0400
Content-Transfer-Encoding: quoted-printable
Reply-To: dnsop@ietf.org
Message-Id: <E76161C5-8270-4011-A66B-FD1E5F5512A1@dukhovni.org>
References: <163434063744.31980.3246351021399660138@ietfa.amsl.com> <YWz7h0bOD5Yw1iFH@straasha.imrryr.org> <212058DD-8C52-4934-BFF0-1902B689B657@dukhovni.org>
To: dnsop@ietf.org
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/q9PaBRN8dgQ6lRCc1C_1wsQrq5k>
Subject: Re: [DNSOP] draft-ietf-dnsop-nsec3-guidance: fresh iteration count stats
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Nov 2021 21:58:35 -0000
If there's appetite to go even lower than 50, the relevant counts are: 8898 21 6 22 19 23 87 24 13 25 1 27 1 29 14 30 4 31 39 32 1112 33 33 35 1 39 43384 40 35 42 12281 50 Since the zone count for 20 in mid October was 531,146, that seems to be the lowest realistic limit we can impose, if we're willing to apply enough pressure to also get the ~66k zones between 21 and 50 to make changes. > On 4 Nov 2021, at 4:46 pm, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote: > > Just in case further reductions occurred since mid-October, I did a quick > rescan of zones which had >= 51 iterations, and the absolute frequencies > are below. Still mostly negligible, except for 100, 150, and a small > Raytheon bump at 500. So the question boils down to whether we want to > nudge the 150s and perhaps also the 100s down to either 100 or 50, setting > the recommended resolver limit there (and of course still strongly recommend > the auth zone signers to use 0). > > 1 51 > 19 52 > 1 53 > 1 54 > 1 55 > 2 56 > 1 60 > 1 61 > 12 64 > 1 67 > 2 69 > 75 75 > 1 80 > 8 81 > 5 84 > 33 85 > 20 90 > 1 96 > 11 99 > 20038 100 -- Viktor.
- [DNSOP] I-D Action: draft-ietf-dnsop-nsec3-guidan… internet-drafts
- Re: [DNSOP] draft-ietf-dnsop-nsec3-guidance: fres… Viktor Dukhovni
- [DNSOP] draft-ietf-dnsop-nsec3-guidance: fresh it… Viktor Dukhovni
- Re: [DNSOP] draft-ietf-dnsop-nsec3-guidance: fres… Viktor Dukhovni
- Re: [DNSOP] draft-ietf-dnsop-nsec3-guidance: fres… Viktor Dukhovni