Dhalgren Tor: > Respectfully, I disagree. > https://lists.torproject.org/pipermail/tor-relays/2015-October/007904.html wrote: > Spent a few minutes activating the DNSSEC trust-anchor for 'unbound'. > > Ran 'dig' on a few signed domains and observed that queries that took > under 50 milliseconds without went to 2000 milliseconds with. > > My attitude toward DNSSEC has deteriorated steadily over time and this > finishes it off for me. It's simply not worth the cost. Many serious > folk have commented in detail on what a horror show it is. > > Disabled it on the exit. > > Without DNSSEC, 'unbound' has been reporting: > > server stats for thread 0: 1296326 queries, 454942 answers from cache, > 841384 recursions, 0 prefetch > server stats for thread 0: requestlist max 112 avg 28.1553 exceeded 0 jostled 0 > histogram of recursion processing times > [25%]=0.00737672 median[50%]=0.0492239 [75%]=0.144125 I'll do some comparisons over some weeks or months and come back to this once I have some more data to show. -- https://mastodon.social/@nusenu twitter: @nusenu_
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays