In message <56e8a0e6.9010...@redbarn.org>, Paul Vixie writes:
>
>
> Mark Andrews wrote:
> > In message<56e83f6e.2040...@redbarn.org>, Paul Vixie writes:
> >> an authoritative nxdomain proves that there is nothing below that qname.
> >> this obviates all prior positive responses for that qname -- you
> >> wouldn't say that we should continue to send positive responses for
> >> other data perhaps based on qtype as a differentiator, because the
> >> definition of nxdomain is qtype-independent, i.e., it applies to a name.
> >
> > It proves that from the instance of the zone as served by that
> > server at that time. It says zero about latest zone as that cache
> > has no way to learn if the answer is from the latest zone.
> >
> > Removing cached records assumes the NXDOMAIN response is from the
> > latest zone. Now that may well be a reasonable assumption to make
> > but we need to acknowledge that it is an assumption.
>
> if that assumption weren't also being made by all implementations of
> negative caching to date, and was thus not specific to the subdomain
> clarification for nxdomain treatment, i'd agree, we ought to mention it.
>
> instead i'll say, perhaps it's time to revise RFC 2308 along these
> lines. i think a higher cost system than DNS which was willing to trade
> resources to get coherence, all answers would be SOA.SERIAL tagged.

There really is no reason for authoritative servers which are not
using AXFR/IXFR for zone transfers to keep SOA serials in sync. Even
if you are using AXFR/IXFR you don't need all the authoritative
servers to keep the serials in sync, you just need to not cross the
streams.

Current examples of configurations that don't keep the serials in
sync include:

* Parallel inline signers feeding from the same unsigned source
  don't keep serials in sync as there is no need.
* Microsoft AD managed zones don't keep the serials in sync.
* There are a number of database to zone converters operated by
  TLDs that don't keep serials in sync.

Mark

> --
> P Vixie

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org
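The cache behaviour debated in this thread, as an added sketch that is not part of the original message and not taken from any resolver: a toy cache that treats NXDOMAIN as covering everything at or below the name, run over a constructed sequence in which the NXDOMAIN comes from a server holding an older copy of the zone. `ToyCache`, its method names and the `example.` names are assumptions made for illustration.

```python
# Added illustration; ToyCache and its method names are hypothetical.
def is_at_or_below(name, ancestor):
    """True if `name` equals `ancestor` or is a descendant of it (label-wise)."""
    n = name.lower().rstrip(".").split(".")
    a = ancestor.lower().rstrip(".").split(".")
    return len(n) >= len(a) and n[len(n) - len(a):] == a

class ToyCache:
    def __init__(self):
        self.positive = {}  # (name, qtype) -> (rdata, expiry time)
        self.nxdomain = {}  # name -> expiry time of the negative entry

    def store_answer(self, name, qtype, rdata, ttl, now):
        self.positive[(name.lower().rstrip("."), qtype)] = (rdata, now + ttl)

    def store_nxdomain(self, name, neg_ttl, now):
        """Cache NXDOMAIN for `name` and evict positive data at or below it.
        The cache cannot tell which zone version the response came from, so
        eviction silently assumes it came from the latest one."""
        name = name.lower().rstrip(".")
        evicted = sorted(k for k in self.positive if is_at_or_below(k[0], name))
        for key in evicted:
            del self.positive[key]
        self.nxdomain[name] = now + neg_ttl
        return evicted

    def lookup(self, name, qtype, now):
        name = name.lower().rstrip(".")
        labels = name.split(".")
        # An unexpired NXDOMAIN at the name or any ancestor answers the query,
        # whatever the qtype.
        for i in range(len(labels)):
            ancestor = ".".join(labels[i:])
            if self.nxdomain.get(ancestor, 0) > now:
                return ("NXDOMAIN", ancestor)
        hit = self.positive.get((name, qtype))
        if hit and hit[1] > now:
            return ("NOERROR", hit[0])
        return ("MISS", None)

def stale_server_scenario():
    """Constructed sequence: answers from an up-to-date server are cached, then
    an NXDOMAIN for a.example. arrives from a server with an older zone copy."""
    cache = ToyCache()
    cache.store_answer("new.a.example.", "A", "192.0.2.10", ttl=300, now=0)
    cache.store_answer("b.example.", "A", "192.0.2.20", ttl=300, now=0)
    evicted = cache.store_nxdomain("a.example.", neg_ttl=60, now=10)
    below = cache.lookup("new.a.example.", "A", now=20)
    sibling = cache.lookup("b.example.", "A", now=20)
    return evicted, below, sibling
```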