One question/caveat: What would the practical impact be, if the TTL on the SOA were the same as the default negative caching TTL (for the NXDOMAIN)?
I think it would be slightly less sniffy, to have the NXDOMAIN and the synthesized SOA both disappear at the same time. IIRC, the TTL would then need to be 900 rather than 604800. Brian On 2/22/13 8:49 AM, "Joe Abley" <jab...@hopcount.ca> wrote: > >On 2013-02-22, at 09:39, Mark Andrews <ma...@isc.org> wrote: > >> I can well imagine a machine doing a reverse lookup on a proposed >> address and not proceeding with that address if it doesn't get a >> NXDOMAIN. >> >> NODATA -> unsafe >> NXDOMAIN -> may be safe > >So, out of interest, do you think it's legitimate for an omniscient >server to return something like this? (note the RCODE and the SOA RRSet >returned in the authority section) > >;; Got answer: >;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41208 >;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 >;; WARNING: recursion requested but not available > >;; QUESTION SECTION: >;1.1.1.10.in-addr.arpa. IN PTR > >;; AUTHORITY SECTION: >1.1.1.10.in-addr.arpa. 604800 IN SOA prisoner.iana.org. >hostmaster.root-servers.org. 1 1800 900 604800 604800 > >;; Query time: 3 msec >;; SERVER: 192.175.48.6#53(192.175.48.6) >;; WHEN: Fri Feb 22 13:45:36 2013 >;; MSG SIZE rcvd: 116 > >That would be a simple change to the spec. We chose NOERROR/ANSWER:0 >because we thought it didn't make sense to say NXDOMAIN whilst at the >same time synthesising an authority-section SOA with the same owner name >as the QNAME when the RCODE we're returning indicates that that owner >name doesn't exist. > >As someone familiar with implementing the receiver side of this hack, >would/should this negative answer be cached? > > >Joe >_______________________________________________ >DNSOP mailing list >DNSOP@ietf.org >https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
