Mostly OK, but

>* why SOA records are not usable here

I would remove all of the discussion about SOA.  You cannot infer
anything about the structure of the zone from the SOA other than the
obvious fact that the SOA is the root of the zone.

For the cache purges, I'd say that the cache SHOULD purge any names
under the NXDOMAIN name, but we realize that in some caches that may
be infeasible.

If you want to say something interesting about future directions, say
that in DNSSEC with NSEC the NXDOMAIN response includes the names
lexically before and after the name you asked about, so the cache can
safely synthesize NXDOMAIN responses for all names in that range.
When I suggested this a few years ago, people told me I was stupid,
but when it came up again more recently, people grudgingly admitted it
was reasonable.  For applications like IPv6 rDNS and DNSBLs where
there are a lot of queries into a very sparse namespace, it should be
a win.

R's,
John

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
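
The NSEC range check described in the message above, as an added example that is not part of the original post or of any resolver's code. The zone bl.example. and its NSEC chain are constructed sample data, and the sketch assumes the cached NSEC records were already DNSSEC-validated and that the wildcard non-existence proof is handled elsewhere.

```python
# Added illustration: NSEC range check for synthesizing NXDOMAIN from cache.
# All zone names and NSEC pairs below are constructed sample data.

def key(name):
    """Canonical DNS ordering key (RFC 4034 section 6.1): labels compared
    right to left as lowercased octet strings."""
    labels = name.rstrip(".").lower().split(".")
    return tuple(l.encode("ascii") for l in reversed(labels))

def is_under(name, ancestor):
    """True if name is a strict subdomain of ancestor."""
    n, a = key(name), key(ancestor)
    return len(n) > len(a) and n[:len(a)] == a

def covers(owner, nxt, qname):
    """True if qname falls strictly inside the gap owner .. nxt."""
    o, n, q = key(owner), key(nxt), key(qname)
    if o < n:                       # ordinary link in the NSEC chain
        return o < q < n
    # Last NSEC in the zone: nxt is the apex, so the gap runs from owner
    # to the end of the zone. Names outside the zone are never covered.
    return q > o and is_under(qname, nxt)

def synthesize(nsec_cache, qname):
    """Return 'NXDOMAIN', 'NODATA' or None (must ask upstream)."""
    for owner, nxt in nsec_cache:
        if covers(owner, nxt, qname):
            # If the next name lies below qname, qname is an empty
            # non-terminal: it exists, so the answer is NODATA.
            return "NODATA" if is_under(nxt, qname) else "NXDOMAIN"
    return None

# Constructed NSEC chain for a sparse DNSBL-style zone bl.example.
NSEC_CACHE = [
    ("bl.example.", "2.0.0.127.bl.example."),
    ("2.0.0.127.bl.example.", "9.113.0.203.bl.example."),
    ("9.113.0.203.bl.example.", "bl.example."),
]

if __name__ == "__main__":
    for q in ("5.2.0.192.bl.example.", "127.bl.example.",
              "9.113.0.203.bl.example.", "1.0.0.240.bl.example."):
        print(q, synthesize(NSEC_CACHE, q))
```

A None result means no cached range covers the name, so the query still has to go upstream.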
