Hi Shumon, What about this?
# When an iterative caching DNS resolver receives a response with RCODE being NXDOMAIN,
# the resolver SHOULD store the response in its (negative) cache. During the time the response
# is cached, any query with a QNAME at or descended from the denied name that is not otherwise
# cached (positively), can be assumed to result in a name error. Responses to those queries
# SHOULD set RCODE=NXDOMAIN (using the DNSSEC records cached as proof).

When an iterative caching DNS resolver receives a query response with RCODE as NXDOMAIN, the resolver should store the NXDOMAIN response in cache. During the time that this response is cached, any query with a QNAME at or descended from the query that resulted in NXDOMAIN and that is not already in cache can be assumed to result in a name error. Responses to such queries SHOULD respond with RCODE as NXDOMAIN using DNSSEC records from cache as proof.

Andrew

NB: I work at Charter and this is not official Charter communications but rather my personal thoughts.

Andrew White
Desk: 314.394-9594 | Cell: 314-452-4386 | Jabber andrew.whi...@charter.com
Systems Engineer III, DAS DNS group
Charter Communications
12405 Powerscourt Drive, St. Louis, MO 63131

From: DNSOP [mailto:dnsop-boun...@ietf.org] On Behalf Of Shumon Huque
Sent: Tuesday, September 27, 2016 1:34 PM
To: Edward Lewis
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] Comment on section 2 of draft-ietf-dnsop-nxdomain-cut-05.txt

On Tue, Sep 27, 2016 at 1:55 PM, Edward Lewis <edward.le...@icann.org> wrote:

I'd written up a response, but perhaps the intent of the text is fine. The way it is written is what is throwing me.

Perhaps instead of this:

# When an iterative caching DNS resolver receives a response NXDOMAIN,
# it SHOULD store it in its cache and all names and RRsets at or below
# that node SHOULD then be considered to be unreachable.

When an iterative caching DNS resolver receives a response with RCODE being NXDOMAIN, the resolver SHOULD store the response in its (negative) cache. During the time the response is cached, any query with a QNAME at or descended from the denied name that is not otherwise cached (positively), can be assumed to result in a name error. Responses to those queries SHOULD set RCODE=NXDOMAIN (using the DNSSEC records cached as proof).

...that's not the best wording either - but "unreachable" is not a term I'd use.

I'm not sure "negative cache" and "positive cache" are recognized terms. I'd suggest replacing "unreachable" with "non-existent":

# When an iterative caching DNS resolver receives an NXDOMAIN response,
# it SHOULD store it in its (negative) cache and all names and RRsets at or below
# that node SHOULD then be considered non-existent.

--
Shumon Huque
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
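
The lookup behaviour that the wordings proposed in this thread describe, sketched in Python as an added example that is not part of the thread or of the draft. The class and function names are hypothetical, the names and address are constructed sample values, and the DNSSEC proof records the wordings mention are left out.

```python
import time

def labels_of(name):
    """Lower-case a domain name and split it into labels (root dot dropped)."""
    return tuple(l for l in name.lower().rstrip(".").split(".") if l)

class NxdomainCutCache:
    """Toy resolver cache (hypothetical class) with NXDOMAIN-cut lookups."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._positive = {}  # (labels, rrtype) -> (expiry, rdata)
        self._negative = {}  # labels of denied name -> expiry

    def store_answer(self, name, rrtype, rdata, ttl):
        self._positive[(labels_of(name), rrtype)] = (self._clock() + ttl, rdata)

    def store_nxdomain(self, name, ttl):
        self._negative[labels_of(name)] = self._clock() + ttl

    def lookup(self, qname, rrtype):
        """Return ("ANSWER", rdata), ("NXDOMAIN", denied_name) or ("MISS", None)."""
        now, labels = self._clock(), labels_of(qname)
        # Data that is still positively cached wins over a negative entry.
        hit = self._positive.get((labels, rrtype))
        if hit and hit[0] > now:
            return ("ANSWER", hit[1])
        # Check QNAME itself, then each ancestor, for an unexpired NXDOMAIN.
        for i in range(len(labels)):
            expiry = self._negative.get(labels[i:])
            if expiry is not None and expiry > now:
                return ("NXDOMAIN", ".".join(labels[i:]) + ".")
        return ("MISS", None)  # caller must resolve upstream

def demo():
    """Constructed scenario with a fake clock; names are sample values."""
    now = [0.0]
    cache = NxdomainCutCache(clock=lambda: now[0])
    cache.store_answer("www.foo.example.", "A", "192.0.2.1", ttl=300)
    cache.store_nxdomain("foo.example.", ttl=60)
    results = [cache.lookup("bar.foo.example.", "A"),   # below the denied name
               cache.lookup("www.foo.example.", "A"),   # positively cached
               cache.lookup("other.example.", "A")]     # unrelated name
    now[0] = 61.0                                        # negative entry expired
    results.append(cache.lookup("bar.foo.example.", "A"))
    return results

if __name__ == "__main__":
    print(demo())
```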