John R Levine wrote:
it can at that time flush any entries with names under it. I
suppose that means that we need a cache where you can look down the
tree as well as up.
Which was exactly what was proposed in draft-vixie-dnsext-resimprove:
"When an iterative caching DNS resolver stores an NXDOMAIN in its
cache, all names and RRsets at or below that node should be deleted
since they will have become unreachable."
There's nothing wrong with doing that. I just don't see why it's any
more correct than believing the TTL that the server provided.
an authoritative nxdomain proves that there is nothing below that qname.
this obviates all prior positive responses for that qname -- you
wouldn't say that we should continue to send positive responses for
other data perhaps based on qtype as a differentiator, because the
definition of nxdomain is qtype-independent, i.e., it applies to a name.
for the same reason and in the same way, nxdomain applies to all
subdomains. it is not just talking about the qname.
--
P Vixie
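
Added example, not part of the original message or of any resolver's code: a small tree-shaped cache in Python showing the behaviour discussed in this thread, where storing an NXDOMAIN deletes everything at or below that node and a lookup checks ancestors on the way down. The names `ResolverCache`, `store_nxdomain` and the sample records are hypothetical; it assumes the caller has already established that the NXDOMAIN response is authoritative.

```python
import time

NXDOMAIN, MISS = "NXDOMAIN", "MISS"

class Node:
    def __init__(self):
        self.children = {}      # label -> Node (lets us look *down* the tree)
        self.rrsets = {}        # qtype -> (expiry, rdata)
        self.nx_expiry = None   # set while a cached NXDOMAIN covers this name

def labels(name):
    """'www.example.com.' -> ['com', 'example', 'www'] (root-first order)."""
    name = name.rstrip(".").lower()
    return name.split(".")[::-1] if name else []

class ResolverCache:
    def __init__(self, clock=time.monotonic):
        self.root, self.clock = Node(), clock

    def _walk(self, name):
        node = self.root
        for label in labels(name):
            node = node.children.setdefault(label, Node())
        return node

    def store(self, name, qtype, rdata, ttl):
        node = self._walk(name)
        node.nx_expiry = None   # a positive answer replaces a stale negative one
        node.rrsets[qtype] = (self.clock() + ttl, rdata)

    def store_nxdomain(self, name, ttl):
        # Assumption: the caller verified the response is authoritative.
        node = self._walk(name)
        node.children.clear()   # everything below the node is unreachable
        node.rrsets.clear()     # NXDOMAIN is qtype-independent
        node.nx_expiry = self.clock() + ttl

    def lookup(self, name, qtype):
        now, node = self.clock(), self.root
        for label in labels(name):
            node = node.children.get(label)
            if node is None:
                return MISS
            if node.nx_expiry is not None and node.nx_expiry > now:
                return NXDOMAIN  # negative entry at the qname or an ancestor
        expiry, rdata = node.rrsets.get(qtype, (0, None))
        return rdata if expiry > now else MISS
```

Because the subtree is deleted rather than masked, a positive entry with a longer TTL does not reappear once the negative entry expires; the resolver has to query again.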