On Nov 5, Stephane Bortzmeyer wrote: > I see the point but I have two practical reservations: [...] > 2) It will make debugging more difficult. With your two-caches system, > "dig @myresolver NS foobar.example" will retrieve the data in > foobar.example, while the resolver will use, when iterating, the data > from .example, which is not showed and I don't see a standard way to > retrieve it from the "delegation cache".
A resolver that receives an RD=0 query for a name that is not present in the cache should respond with a referral. In a two-cache resolver, the natural place to look for the data to include in such a referral is the delegation cache, since that is where referrals are cached. If the resolver does that, you can use dig +norecurse @myresolver random-subdomain.foobar.example where random-subdomain is any unguessable label, for example one derived from a 128-bit random number. -- Andreas Gustafsson, g...@araneus.fi _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
