
Re: DNSSEXT Yokohama Minutes



> The example I gave in Yokohama had not a match with any QNAME:
> 
> cached was:
> 
> a NXT e
> c NXT f
> 
> and the query is for d. Which proof of non-existence does a cache return?

it's starting to seem to me that answers containing NXT should include an
SOA in the authority section.  (even though that means nonauthoritative
servers will have to cache them, which today is illegal.)  when new secure
(verified) data arrives with a later SOA.SERIAL, all the older cached data
for that zone becomes invalid.

this is something we've discussed previously for all data, not just security
metagoo.  it has a high price both in storage, transport, and computation,
but not as high as dnssec overall, so i think it's finally worth considering.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
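
The invalidation rule proposed in the reply above, applied to the quoted a/c/d example, as an added sketch that is not part of the original message or of any DNS implementation. The class and function names, the serial values and the single-label name comparison are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class CachedNxt:
    owner: str      # owner name of the NXT record
    next_name: str  # next existing name in the zone
    serial: int     # SOA.SERIAL that arrived with the verified answer (constructed)

def serial_gt(a: int, b: int) -> bool:
    """RFC 1982 serial arithmetic: is 32-bit serial a later than b?"""
    return a != b and ((a - b) % 2**32) < 2**31

def covers(rec: CachedNxt, qname: str) -> bool:
    # Assumption: single lowercase labels compared as strings, and no
    # wrap-around at the end of the zone. Real canonical ordering is richer.
    return rec.owner < qname < rec.next_name

class ZoneCache:
    """Per-zone cache that drops older data when a later SOA.SERIAL is seen."""
    def __init__(self):
        self.serial = None
        self.records = []

    def add(self, rec: CachedNxt) -> None:
        if self.serial is None or serial_gt(rec.serial, self.serial):
            # Later serial: all older cached data for the zone becomes invalid.
            self.records = []
            self.serial = rec.serial
        elif rec.serial != self.serial:
            return  # older than what is already held, so not cached
        self.records.append(rec)

    def denial_proofs(self, qname: str) -> list:
        return [r for r in self.records if covers(r, qname)]

def demo():
    # Without serial tracking both cached NXT records cover "d".
    untracked = [CachedNxt("a", "e", 0), CachedNxt("c", "f", 0)]
    ambiguous = [r for r in untracked if covers(r, "d")]
    # With serial tracking, "c NXT f" arrived with a later serial (constructed
    # values 100 and 101), so "a NXT e" is discarded before the query for "d".
    cache = ZoneCache()
    cache.add(CachedNxt("a", "e", 100))
    cache.add(CachedNxt("c", "f", 101))
    return ambiguous, cache.denial_proofs("d")

if __name__ == "__main__":
    print(demo())
```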