Moin! On 28 Sep 2016, at 17:21, Shumon Huque wrote: > To be precise, I would say we are not necessarily always pruning out entire > zones. For a leaf zone, we are pruning all names within that zone below the > nxdomain-cut, modulo cached entries, i.e. a subset of the zone. But yes, > for non-leaf zones, all zones below too are pruned. I think we've been down that argument before. Not all cache implementations have a DNS tree structure and nothing in the DNS protocol requires this AFAIK. I consider anything in the cache where the TTL is still valid to be valid data that can be send to clients even if below the nxdomain cut. My understanding is that this is how the current draft is written.
For new records/delegations of course this would go NXDomain, but what to do with stuff already in the cache is an implementation choice. I also don't think this is different with DNSSEC as stuff below the NXDomain cut still is valid until TTL expires. So long -Ralf _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
