On Aug 2, 2022, at 7:57 AM, Vladimír Čunát <vladimir.cunat=2Bietf=40nic...@dmarc.ietf.org> wrote: > > Hello. > > This line is misleading, I believe: > > >> - RFC8198 describes how a validating resolver can emit fewer queries in >> signed zones that >> use NSEC for negative caching. > > That RFC describes aggressive caching also for NSEC3 and (positive) > wildcards. (Of course, opt-out NSEC3 records are basically useless, but many > zones are without opt-out.) > > For example, the formulation could be simply truncated as: > > RFC8198 describes how a validating resolver can emit fewer queries in > > signed zones.
I would rather mention NSEC/NSEC3 so the reader gets an idea for the mechanism in RFC 8198. I left off NSEC3 because I thought that basically all use of NSEC3 was with opt-out, but if I'm wrong, I could put it in the text. --Paul Hoffman
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop