In message <56e83f6e.2040...@redbarn.org>, Paul Vixie writes: > John R Levine wrote: > >>> it can at that time flush any entries with names under the it. I > >>> suppose that means that we need a cache where you can look down the > >>> tree as well as up. > >> > >> Which was exactly what was proposed in draft-vixie-dnsext-resimprove: > >> "When an iterative caching DNS resolver stores an NXDOMAIN in its > >> cache, all names and RRsets at or below that node should be deleted > >> since they will have become unreachable." > > > > There's nothing wrong with doing that. I just don't see why it's any > > more correct than believing the TTL that the server provided. > > an authoritative nxdomain proves that there is nothing below that qname. > this obviates all prior positive responses for that qname -- you > wouldn't say that we should continue to send positive responses for > other data perhaps based on qtype as a differentiator, because the > definition of nxdomain is qtype-independent, i.e., it applies to a name.
If proves that from the instance of the zone as served by that server at that time. It says zero about latest zone as that cache has no way to learn if the answer is from the latest zone. Removing cached records assumes the NXDOMAIN response is from the latest zone. Now that may well be a reasonable assumption to make but we need to acknowledge that it is a assumption. > for the same reason and in the same way, nxdomain applies to all > subdomains. it is not just talking about the qname. > > -- > P Vixie > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
