Hi all,

We have this errata: https://www.rfc-editor.org/verify_errata_select.php?eid=5316

The document as published says:

"A * label appearing in a query name has no special effect, but can be used to test for wildcards in an authoritative zone; such a query is the only way to get a response containing RRs with an owner name with * in it. The result of such a query should not be cached. Note that the contents of the wildcard RRs are not modified when used to synthesize RRs."

and the Notes in the Errata say:

"It is perfectly OK for an RR with a wildcard label '*' to be cached as long as it's not used to synthesize any RRs on a caching resolver. The DNS implementations BIND and Unbound both cache such RRsets with wildcard label in the owner name."

Sure enough, BIND caches the answer (I must admit that this surprised me), but should the errata be approved? When the document was published, was the intent that wildcard records should NOT be allowed to be cached?

Note that if behaviors have changed, and implementations should now cache the record, then we need to document that in a -bis (or similar) document.

I'm also somewhat confused about what caching the wildcard answer *means* - if I have *.example.com cached and then get a query for foo.example.com, I still need to query for it (note that this is all before DNSSEC / Aggressive NSEC / etc.), and so what is the "use" of the cached wildcard? AFAICT, searching for the wildcard itself is only useful for debugging, so caching it seems wasteful at best.

Can folk help me understand what should happen with this errata?

W

--
I don't think the execution is relevant when it was obviously a bad idea in the first place.
This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.
---maf
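Added example, not part of the original message and not code from BIND or Unbound: a toy authoritative wildcard lookup with a resolver cache in front of it, showing that a cached answer for the literal name `*.example.com` does not answer a later query for `foo.example.com`. The zone data, the function names and the exact-match cache (no DNSSEC, no aggressive NSEC) are assumptions made for illustration.

```python
# Constructed zone data for illustration; names and addresses are made up.
ZONE_APEX = "example.com"
ZONE = {
    ("example.com", "A"): "192.0.2.1",
    ("*.example.com", "A"): "192.0.2.53",
    ("www.example.com", "A"): "192.0.2.80",
}

def existing_names():
    """Owner names plus their ancestors up to the apex (empty non-terminals exist)."""
    names = set()
    for owner, _ in ZONE:
        while True:
            names.add(owner)
            if owner == ZONE_APEX:
                break
            owner = owner.split(".", 1)[1]
    return names

def authoritative_lookup(qname, qtype):
    """Return (owner, rdata) or None. A '*' label in qname gets no special treatment."""
    if qname != ZONE_APEX and not qname.endswith("." + ZONE_APEX):
        return None  # not in this zone
    if (qname, qtype) in ZONE:
        return qname, ZONE[(qname, qtype)]  # exact match, including a literal '*' owner
    names = existing_names()
    if qname in names:
        return None  # name exists without this type: the wildcard does not apply
    encloser = qname
    while encloser not in names:  # walk up to the closest encloser
        encloser = encloser.split(".", 1)[1]
    rdata = ZONE.get(("*." + encloser, qtype))
    # Synthesis: owner becomes the query name, RR contents are unchanged.
    return (qname, rdata) if rdata else None

class CachingResolver:
    """Assumed pre-DNSSEC cache: entries match only the exact (name, type) asked."""
    def __init__(self):
        self.cache = {}
        self.upstream_queries = 0

    def resolve(self, qname, qtype):
        key = (qname, qtype)
        if key not in self.cache:
            self.upstream_queries += 1
            self.cache[key] = authoritative_lookup(qname, qtype)
        return self.cache[key]
```
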