On Thu, Mar 14, 2024 at 9:17 PM Douglas Foster <
dougfoster.emailstanda...@gmail.com> wrote:

> All of this is based on my slightly confrontational comment that "Tree
> Walk is inefficient and unreliable", which maybe needs elaboration.   My
> approach to the problem changed dramatically when I discovered, by
> accident, that a subset of DNS servers will refuse to answer queries that
> produce NXDOMAIN, and a non-response does not come with a TTL value.
> Additionally, the increase in DNS traffic of at least 100% will be
> mostly NXDomain queries, while the raw volume will also increase the
> frequency of random DNS timeouts.   All of this means that a successful
> implementation needs to have optimizations which ensure known answers are
> cached, especially if that result was obtained after experiencing timeout
> errors.    I don't think the oblique reference to DNS timeouts comes close
> to documenting the severity of the problem.
>

It's alarming to hear that NXDOMAIN replies are never issued or (perhaps
more likely) are dropped by some software or firewalls.  It completely
prevents any benefits of negative caching.  I wonder what the DNS community
might have to say about this practice.  I can ask at 119 next week.  Has
anyone else observed this phenomenon?

I don't know that DMARC should talk about caching answers, since it's my
impression that applications typically rely on their resolvers to implement
caching according to DNS best practices.  DMARC caching would be largely
redundant to DNS caching, and might mess with domain owners' intentional
use of their TTL values.

-MSK, participating
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
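The caching tension the two messages above describe can be made concrete with a small simulation. The following is an added example, not code from either poster or from any DMARC implementation: a constructed mock resolver plus a simplified DMARC-style tree walk that caches positive answers and NXDOMAIN answers for their TTL (NXDOMAIN gets an assumed RFC 2308 negative TTL of 300 s) but has nothing to cache for a timeout, because a dropped query carries no rcode and no TTL. The zone data, the "flaky" and "silent" names, the 300 s negative TTL, and the walk that stops at two labels are all assumptions; the query caps and psd handling of the DMARCbis tree walk are not reproduced. Counting resolver queries shows where negative caching helps and where a server that never answers NXDOMAIN defeats it.

```python
"""Simplified DMARC-style tree walk with TTL-aware caching (illustrative, added example).

Assumed, not taken from the thread: the zone contents, the 300 s negative TTL,
the two-label stop rule, and the names that time out.
"""
import time
from dataclasses import dataclass, field

NXDOMAIN = "NXDOMAIN"   # authoritative "name does not exist" (has a TTL, RFC 2308)
TIMEOUT = "TIMEOUT"     # no reply at all: no rcode, no TTL, nothing to cache


@dataclass
class MockResolver:
    """Constructed stand-in for a recursive resolver."""
    records: dict                                # name -> (TXT value, TTL)
    flaky: dict = field(default_factory=dict)    # name -> timeouts left (inf = never answers)
    negative_ttl: int = 300                      # assumed SOA-derived negative TTL
    queries: list = field(default_factory=list)  # every query sent, for counting

    def query_txt(self, name):
        self.queries.append(name)
        left = self.flaky.get(name, 0)
        if left > 0:                             # server drops this query (inf stays inf)
            self.flaky[name] = left - 1
            return TIMEOUT, None
        if name in self.records:
            return self.records[name]
        return NXDOMAIN, self.negative_ttl


class CachingWalker:
    """Caches whatever came back with a TTL; timeouts are never cached."""

    def __init__(self, resolver, clock=time.monotonic):
        self.resolver = resolver
        self.clock = clock                       # injectable for deterministic tests
        self.cache = {}                          # name -> (result, expiry time)

    def lookup(self, name):
        now = self.clock()
        hit = self.cache.get(name)
        if hit is not None and hit[1] > now:
            return hit[0]
        result, ttl = self.resolver.query_txt(name)
        if ttl is not None:                      # positive and NXDOMAIN answers both carry a TTL
            self.cache[name] = (result, now + ttl)
        return result                            # TIMEOUT falls through uncached

    def tree_walk(self, fqdn, min_labels=2):
        """Query _dmarc.<fqdn>, then strip leftmost labels until a record is found.

        Returns ("found", domain, record), ("none", None, None) if the walk
        exhausts without a record, or ("tempfail", None, None) on a timeout.
        """
        labels = fqdn.lower().rstrip(".").split(".")
        while len(labels) >= min_labels:
            domain = ".".join(labels)
            result = self.lookup("_dmarc." + domain)
            if result == TIMEOUT:
                return ("tempfail", None, None)  # caller must retry; nothing was learned
            if result != NXDOMAIN and result.startswith("v=DMARC1"):
                return ("found", domain, result)
            labels.pop(0)
        return ("none", None, None)


if __name__ == "__main__":
    # Constructed zone: one policy at example.com, one name that times out once,
    # one name whose server silently drops the query forever.
    resolver = MockResolver(
        records={"_dmarc.example.com": ("v=DMARC1; p=reject", 3600)},
        flaky={"_dmarc.mail.sub.example.com": 1,
               "_dmarc.host.silent.example.net": float("inf")},
    )
    walker = CachingWalker(resolver)
    print(walker.tree_walk("mail.sub.example.com"), len(resolver.queries))  # tempfail, 1 query
    print(walker.tree_walk("mail.sub.example.com"), len(resolver.queries))  # found, 3 more queries
    print(walker.tree_walk("other.sub.example.com"), len(resolver.queries))  # found, 1 more (rest cached)
    for _ in range(3):                                                       # silent server: no caching possible
        walker.tree_walk("host.silent.example.net")
    print(len(resolver.queries))
```

The second walk for mail.sub.example.com repeats the timed-out query because a timeout left nothing behind to cache, whereas the walk for other.sub.example.com needs only one fresh query since the NXDOMAIN for _dmarc.sub.example.com and the policy at _dmarc.example.com are both still within TTL. The silent server shows the worst case: every walk re-sends the same query and the resolver's negative cache never gets an entry to hold.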
