[gtld-tech] Svelte CZDS zone files?

John Levine johnl at taugh.com
Tue Sep 13 21:00:18 UTC 2022

According to Viktor Dukhovni via gtld-tech <ietf-dane at dukhovni.org>:
>On Tue, Sep 13, 2022 at 03:09:26AM +0000, Eduardo Alvarez wrote:
>> We are currently working on other functional aspects of the system,
>> but we will take note of these suggestions for the team to consider
>> implementing into CZDS in the future.

>So it may be prudent for ICANN to look for ways to slim it down, and
>dropping the "derived" DNSSEC records (RRSIG and NSEC3 in this case)
>would considerably reduce the .COM zone footprint.

I agree that it would make sense to strip the RRSIG and NSEC/NSEC3 records
out of the distributed zone files. Before the zone files are
distributed, there is already an editing process to remove cruft in
the AXFR zone files. (For a while they had comments telling us where
the hidden masters were.) It should not be hard to adjust the
de-crufter to remove RRSIG and NSEC and NSEC3 as well.


More information about the gtld-tech mailing list