In message <canljsvuujmurfn-xf_gptjrlsbmc5fwceoada5-sncbfzfn...@mail.gmail.com> , abby pan writes: > > Mark Andrews <ma...@isc.org> > > > > > > another choice : Authority Server return NODATA/NXDOMAIN as nxdomain > > cut, > > > but no change on DNS cache. Some impact on NSEC/NSEC3 records. > > > > > > - no names under foo.example => NXDOMAIN at foo.example > > > > If you want to signal NOERROR + bottom of zone you need a new rcode > > and signaling that you support the new rcode. The above imply is > > just wrong as it changes what NXDOMAIN means. > > > > > - zone with bar.foo.example, where foo.example does not exist => > NODATA > > > or NOERROR + NULL Answer at foo.example > > > > Well a explict NODATA rcode would be useful and again signaling of > support > > for the new rcode is needed. > > > > NXDOMAIN at a empty non terminal only came about as the result of > > bad wording in RFC 2535. "no names" should have been "no names > > with data" (the difference is crucial in determining which rcode > > is returned). Only RFC 2535 nameservers are allowed to return > > NXDOMAIN for a empty non-terminal and they should few and far between > > these days. Every other NXDOMAIN at a empty non terminal is the > > result of miss-interpreting STD 13 or a operational error e.g. > > missing delegation in a parent zone. > > > > the point is : change NXDOMAIN means, indicated with subtree info, yes or > no ? > > if dns cache deal with the nxdomain cut, that is yes.
No, we can't change what NXDOMAIN means. We can add a new rcode that say a name is at bottom of zone and is not a delegation. > we can change the NXDOMAIN means on authority server response, not create > new rcode ( same benefit at draft-ietf-dnsop-qname-minimisation , reduce > flush domaintree/hashtable on dns cache ) NXDOMAIN at foo.example => no names under foo.example no names under foo.example =/> NXDOMAIN at foo.example Mark > -- > > Best Regards > Pan Lanlan -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
