Robert Edmonds wrote: > 神明達哉 wrote: > > p.s. in my understanding Unbound adopts hash-based data structure for > > cached RRsets. If it still supports nxdomain-cut as described in > > Section 8, an argument against the proposal by referring to that type > > of implementation might sound less convincing. > > My understanding is that Unbound employs at least two hash-based data > structures, one for whole messages (msg-cache-* parameters) and one for > individual RRsets (rrset-cache-* parameters). > > It's also my understanding that Unbound already implements the > resimprove-00 §3 behavior when configured with "harden-below-nxdomain: > yes", but it defaults to off (only?) because "it is not an RFC".
Actually, I was misremembering this. Unbound's harden-below-nxdomain behavior is much more conservative than resimprove, since it only considers NXDOMAINs that are DNSSEC-secure. But it still does use an "upwards" algorithm (successively strip labels off the QNAME) in a hash-based cache to find an applicable NXDOMAIN. -- Robert Edmonds _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
