In message <0cff2137-a8b7-44bb-a2a7-6bd3cd0db...@verisign.com>, "Wessels, Duane " writes: > > On May 27, 2015, at 10:32 AM, Joe Abley <jab...@hopcount.ca> wrote: > > > > It's not obvious that this is a problem for anybody, though; it's not > > like you'd expect to see a TLSA RRSet in there. > > Isn't this truly a problem because if my cache is cold (for the zone in > question) my recursive name server > could send it a query for "_443._tcp.www.example.accountant. TLSA" (to > keep picking on them) which would then > just timeout?
Yes and you never know when a resolver will go back to a TLD to get a referral. > DW -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
