On Wed, Sep 28, 2016 at 12:44 PM, Ralf Weber <d...@fl1ger.de> wrote:

> Moin!
>
> On 28 Sep 2016, at 17:21, Shumon Huque wrote:
> > To be precise, I would say we are not necessarily always pruning out entire
> > zones. For a leaf zone, we are pruning all names within that zone below the
> > nxdomain-cut, modulo cached entries, i.e. a subset of the zone. But yes,
> > for non-leaf zones, all zones below too are pruned.
> I think we've been down that argument before. Not all cache implementations
> have a DNS tree structure and nothing in the DNS protocol requires this AFAIK.
> I consider anything in the cache where the TTL is still valid to be valid data
> that can be sent to clients even if below the nxdomain cut. My understanding
> is that this is how the current draft is written.

Not exactly. The draft does NOT say that all unexpired cached data below the
NXDOMAIN boundary is still valid. It leaves that up to implementers.
Paraphrasing without 2119 keywords, it says that resolvers should consider all
names below the cut non-existent, but may continue to return positive answers
for existing cached entries. This text was the end result of many long
discussions on the topic earlier this year. I think this accommodates your
position.

> For new records/delegations of course this would go NXDomain, but what to do
> with stuff already in the cache is an implementation choice.

Yes.

--
Shumon Huque
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
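
The two behaviours discussed in this message, as an added example that is not part of the original thread, the draft, or any resolver's code: a flat (non-tree) cache that treats names below a cached NXDOMAIN as non-existent, with a switch for whether unexpired positive entries below the cut are still served. The class `NxCutCache`, its method names and the `serve_cached_below_cut` flag are hypothetical, and the sample names and address are constructed.

```python
import time


class NxCutCache:
    """Toy resolver cache: flat dicts, no DNS tree structure (hypothetical sketch)."""

    def __init__(self, serve_cached_below_cut=True, clock=time.monotonic):
        self.serve_cached_below_cut = serve_cached_below_cut  # implementer's choice
        self.clock = clock
        self.positive = {}  # (name, rtype) -> (expiry, rdata)
        self.nxdomain = {}  # name -> expiry

    @staticmethod
    def _norm(name):
        return name.lower().rstrip(".")

    def add_positive(self, name, rtype, rdata, ttl):
        self.positive[(self._norm(name), rtype)] = (self.clock() + ttl, rdata)

    def add_nxdomain(self, name, ttl):
        self.nxdomain[self._norm(name)] = self.clock() + ttl

    def _covering_cut(self, name):
        """Return the nearest unexpired cached NXDOMAIN at or above name, if any."""
        labels = name.split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            expiry = self.nxdomain.get(candidate)
            if expiry is not None and expiry > self.clock():
                return candidate
        return None

    def lookup(self, name, rtype):
        name = self._norm(name)
        entry = self.positive.get((name, rtype))
        fresh = entry is not None and entry[0] > self.clock()
        cut = self._covering_cut(name)
        if cut is not None:
            # Below the cut, an unexpired positive entry may still be served.
            # At the cut name itself this sketch lets the NXDOMAIN win (assumption).
            if fresh and self.serve_cached_below_cut and cut != name:
                return ("ANSWER", entry[1])
            return ("NXDOMAIN", cut)  # synthesized from the cached cut
        if fresh:
            return ("ANSWER", entry[1])
        return ("MISS", None)  # would require an upstream query
```

In both modes a name that was never cached below the cut is answered NXDOMAIN without an upstream query; the modes differ only for entries already in the cache.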