On Fri, Mar 11, 2016 at 08:52:20PM +0000, Ted Lemon <[email protected]> wrote a message of 49 lines which said:
> Right here: > > When an iterative caching DNS resolver receives a response NXDOMAIN, > it SHOULD store it in its cache and all names and RRsets at or below > that node SHOULD then be considered to be unreachable. Subsequent > queries for such names SHOULD elicit an NXDOMAIN response. > > "At or below" assumes a tree. Just because it isn't explicitly > mentioned doesn't mean that it's not saying that! For the record, I fully agree with the explanations of Shumon Huque <https://mailarchive.ietf.org/arch/msg/dnsop/WaaprcPTpMnDEwheVin0Zz4Lg8Q> and Paul Vixie <https://mailarchive.ietf.org/arch/msg/dnsop/LAYTX-rBH5qqOjy_dIaCh1esjyw> Whether you like it or not, domain names are a tree. A DNS server can choose its data structures as it wishes but it will still have in some cases to understand the tree semantics. I suggest to add in section 1.1 "Terminology": The domain name space is conceptually defined in terms of a tree structure. The implementation of a DNS resolver/cache MAY use a tree or other data structures. Sometimes, this document mentions tree operations, because it is the way domain names are defined, but it does not imply that the inner implementation of the server uses a tree. > But this draft isn't really adressing an operational problem: your > motivation for doing this is to support DPRIVE, Not at all and it is not mentioned anywhere. I even do not see the relationship with the work of DPRIVE (encryption of the DNS). There is some relationship with other work done at DNSOP (QNAME minimisation) but the main motivation, as explained in the draft is a better efficiency of the caches (see section 3). If you want the whole truth, there is another motivation, undocumented, an aestethic motivation: NXDOMAIN cut is more beautiful, because it respects the tree structure of the DNS. _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
