On Mon, Mar 14, 2016 at 08:31:45PM -0400, Robert Edmonds <edmo...@mycre.ws> wrote a message of 59 lines which said:
> Could the rule be relaxed so that the process of considering whether
> a cached NXDOMAIN in a parent zone is applicable to the name being
> looked up can be delayed until immediately prior to transmitting a
> query to an authoritative server?

The current version of the draft allows this behavior, it was one of the changes between -00 and -01. -00 was written in a way that could have been interpreted as "delete data NOW".

> The data model is a tree, yes, but caching up to the maximum TTL
> value allowed is permitted

Yes.

> and widely expected,

I'm not sure about "widely expected". It seems to me it confuses many people when QNAME=example elicits NXDOMAIN but a later QNAME=foobar.example succeeds.

Anyway, keeping cached data as long as the TTL is positive, even if they are under a NXDOMAIN cut, is allowed (that's the point of a SHOULD, after all). Maybe adding at the end of section 5 "Implementation considerations":

Another reason why a resolver could find it useful to send positive responses located under a NXDOMAIN cut, is the case where the resolver already has cached data (and the TTL is of course not expired) and continues to serve it.

[End of addition]

For the "cache efficiency" and "protection against random QNAME attacks" motivations, it would change nothing (if the data is cached, the resolver won't bother the upstream server). But I still find it disturbing and contrary to the tree model of domain names.
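
The lookup order discussed in this message, as an added example that is not part of the original message or of the draft: a toy cache that keeps serving unexpired positive data under an NXDOMAIN cut and consults cached ancestor NXDOMAINs only immediately before it would send a query upstream. The class, its method names, `stub_upstream` and the sample names are assumptions made for illustration.

```python
import time


class NxCutCache:
    """Toy resolver cache (illustrative; all names here are assumptions)."""

    def __init__(self, now=time.monotonic):
        self.now = now
        self.positive = {}   # name -> (rdata, expiry time)
        self.nxdomain = {}   # name -> expiry time
        self.sent = []       # names actually sent to the upstream server

    @staticmethod
    def _norm(name):
        # DNS names compare case-insensitively; drop the trailing root dot.
        return name.lower().rstrip(".")

    def put_positive(self, name, rdata, ttl):
        self.positive[self._norm(name)] = (rdata, self.now() + ttl)

    def put_nxdomain(self, name, ttl):
        self.nxdomain[self._norm(name)] = self.now() + ttl

    def nx_cut(self, name):
        """Return the closest unexpired cached NXDOMAIN at or above name."""
        labels = self._norm(name).split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            expiry = self.nxdomain.get(candidate)
            if expiry is not None and expiry > self.now():
                return candidate
        return None

    def resolve(self, name, upstream):
        name = self._norm(name)
        hit = self.positive.get(name)
        if hit and hit[1] > self.now():
            # Unexpired positive data is still served, even under a cut.
            return ("NOERROR", hit[0], "cache")
        cut = self.nx_cut(name)
        if cut is not None:
            # Checked only now, immediately before a query would be sent.
            return ("NXDOMAIN", None, "cut:" + cut)
        self.sent.append(name)
        return upstream(name)


def stub_upstream(name):
    # Constructed stand-in for an authoritative server: everything is NXDOMAIN.
    return ("NXDOMAIN", None, "upstream")
```

With a cached NXDOMAIN for `example`, random names below it are answered from the cut and `sent` stays empty, while a still-valid cached `foobar.example` keeps resolving until its own TTL runs out.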