> On 20 Mar 2018, at 3:10 am, Vladimír Čunát <vladimir.cu...@nic.cz> wrote: > > On 03/18/2018 09:44 PM, Petr Špaček wrote: >> The current text in section 5 is written with an assumption that query >> with +CD bit cannot result in "Secure" status and thus cannot trigger >> sentinel processing, but this depends on implementation. > > I just want to note that this situation of answering +cd queries by > validated cached RRs isn't very implementation-specific. One way to > come to this: it seems generally desirable to have aggressive caching > (rfc8198) on forwarders, due to serving as a cache shared by multiple > resolvers, and validating resolvers tend to use +cd to query the > forwarders (rfc4035#section-3.2.2).
You can’t assume whether CD will be 1 or 0 when the client is validating. Both types of queries are useful. The mentioned section just fails to discuss the CD=0 case. > --Vladimir > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop