> On 8 Oct 2021, at 02:44, Andrew Sullivan <a...@anvilwalrusden.com> wrote:
> 
> Still speaking only for myself :)
> 
> On Thu, Oct 07, 2021 at 02:49:53PM +1000, George Michaelson wrote:
>>> if there's ever been explicit protocol requirement of this, I have 
>>> forgotten it.
>> 
>> Sorry, but I think this is just an over-reach. There is no necessary
>> reason for a single information model to break.
> 
> And this, of course, is why there isn't such an explicit protocol requirement 
> (and also why we weren't able to get to consensus on MUST set CD on queries): 
> these things represented protocol changes, however trivial, and people didn't 
> accept they were absolutely necessary so the answer was no.  From the point 
> of view of an implementer coming along later, however, it sure seems like a 
> gap in the protocol (particularly if you want to maximize interoperability).  
> After all, while we might say, "It's one information model and you need to 
> understand the interactions of the model components," the chances are good 
> that an implementer will _not_ understand those interactions or even 
> components, and will mess up the implementation accordingly.
> 
> Best regards,
> 
> A

The model used to develop DNSSEC was a single cache with only validated
answers in it.  If you got asked with CD *and* it is not cached you ask
upstream with CD, pass the answer through without validating it, then
possibly validate and cache it.  If you have a cached answer you just
return it (validated as secure or validated as insecure).

That is the model that was used to develop DNSSEC.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: ma...@isc.org
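The single-validated-cache model described above, written out as an added toy simulation (not code from this thread or from ISC); the upstream server and the validate() stand-in are constructed assumptions, with the `status` field standing in for the outcome a real validator would compute from signatures:

```python
from dataclasses import dataclass

SECURE, INSECURE, BOGUS = "secure", "insecure", "bogus"


@dataclass
class Answer:
    name: str
    rdata: str
    status: str  # stand-in for what DNSSEC validation would conclude


def sample_upstream(name, cd):
    # Constructed upstream: one validly signed name, one with broken signatures.
    table = {
        "good.example": Answer("good.example", "192.0.2.1", SECURE),
        "bad.example": Answer("bad.example", "192.0.2.2", BOGUS),
    }
    return table[name]


class Resolver:
    """One cache that holds only validated (secure or insecure) answers."""

    def __init__(self, upstream):
        self.upstream = upstream
        self.cache = {}            # name -> Answer; bogus data never lands here
        self.upstream_queries = []  # (name, cd) pairs sent upstream, for inspection

    def validate(self, ans):
        return ans.status  # hypothetical stand-in for signature validation

    def resolve(self, name, cd=False):
        cached = self.cache.get(name)
        if cached is not None:
            return cached, "cache"  # hit: already validated, return it as-is
        # Miss: ask upstream, forwarding the CD bit the client sent us.
        ans = self.upstream(name, cd)
        self.upstream_queries.append((name, cd))
        status = self.validate(ans)
        if status != BOGUS:
            self.cache[name] = ans  # only validated answers enter the cache
        if cd:
            # CD query: pass the upstream answer through unvalidated; the
            # client asked to do its own validation.
            return ans, "upstream-unvalidated"
        if status == BOGUS:
            return None, "servfail"  # bogus data is neither cached nor served
        return ans, "upstream"
```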

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop