_dmarc.newjersey.sales.bigcorp.wtf
_dmarc.sales.bigcorp.wtf
_dmarc.bigcorp.wtf

Sure, but if I query "_dmarc.newjersey.sales.bigcorp.wtf" and I get back an
NXDOMAIN for "sales.bigcorp.wtf", I can eliminate at least one query,

But you won't, you'll get back an answer for the name you looked up.

You could do a separate check first for sales.bigcorp.wtf but as I said I don't think that will usually win. It is my impression that the domain name tree is pretty flat, and if you limited a tree walk to four or five levels, that would catch every real DMARC record.

Also, if your DNS cache is synthesizing NXDOMAIN results either under a higher NXDOMAIN (RFC 8020) or using DNSSEC (RFC 8198) those queries will be pretty cheap to handle since they won't cause any upstream queries, so you might as well just do the tree walk.

Regards,
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
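
Added example, not part of the original message or of any DMARC implementation: a Python sketch of the tree walk over the three names listed above, run against a toy cache that applies the RFC 8020 NXDOMAIN cut, counting how many lookups actually go upstream. The zone contents, the `NxCutCache` class, the function names, the way the level limit is applied (`max_levels`) and the two-label stopping point (`min_labels`) are all assumptions made for illustration.

```python
# Constructed sample data: the only names that exist upstream.
ZONE = {"bigcorp.wtf": None, "_dmarc.bigcorp.wtf": "v=DMARC1; p=reject"}


def ancestors(name):
    """Yield the name and each parent: a.b.c -> a.b.c, b.c, c."""
    labels = name.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


class NxCutCache:
    """Toy cache (hypothetical name) applying the RFC 8020 NXDOMAIN cut."""

    def __init__(self, zone):
        self.zone = zone
        self.nxdomain = set()  # names cached as nonexistent
        self.upstream_queries = 0

    def txt(self, name):
        # RFC 8020: nothing exists below a name cached as NXDOMAIN,
        # so answer from the cache without going upstream.
        if any(a in self.nxdomain for a in ancestors(name)):
            return "NXDOMAIN", None
        self.upstream_queries += 1
        # Upstream: a name exists if it, or anything below it, is in the zone.
        if any(name in ancestors(n) for n in self.zone):
            return "NOERROR", self.zone.get(name)
        self.nxdomain.add(name)
        return "NXDOMAIN", None


def tree_walk_names(domain, max_levels=5, min_labels=2):
    """Exact name first, then suffixes of at most max_levels labels."""
    labels = domain.lower().rstrip(".").split(".")
    start = max(1, len(labels) - max_levels)
    stop = len(labels) - min_labels + 1
    walk = [labels] + [labels[i:] for i in range(start, stop)]
    return ["_dmarc." + ".".join(n) for n in walk]


def find_dmarc(domain, cache, max_levels=5):
    """Return (qname, record) for the first DMARC record found, else (None, None)."""
    for qname in tree_walk_names(domain, max_levels):
        _, data = cache.txt(qname)
        if data and data.startswith("v=DMARC1"):
            return qname, data
    return None, None
```

With a cold cache the walk for newjersey.sales.bigcorp.wtf costs three upstream queries; once sales.bigcorp.wtf is already cached as NXDOMAIN, the first two names are answered from the cache and only `_dmarc.bigcorp.wtf` goes upstream.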
