On 8/4/23 01:29, Petr Menšík wrote:
> I started thinking, what if we used EDNS0 extension sending version at the client and asked the server if that has changed in the meantime. Let's call the extension cache-refresh for example. It might use SOA version number, which I think common authoritative servers use to mark zone version somehow. But almost any binary id would be sufficient. The server may provide any alternative like timestamp. For a client, it does not matter. It would just store whatever the server used on last reply.
In addition to what Ray pointed out, the SOA serial might not only be an unreliable piece of data for synthesized zones, but also in multi-provider setups etc. Freshness-checking on the zone level might not be a stable concept. A hash over the RRset in question might work, assuming some canonical form is used (e.g. as used for RRSIG calculation). OTOH, that would limit efficiency benefits to the specific (qname,type) and not allow freshness checking for the rest of the zone. It's unclear whether the implementation complexity is worth the benefit if it can only be exercised on some responses.

Peter

--
https://desec.io/

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
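The per-RRset token that Peter sketches, as an added example (my code, not from either poster or from any DNS implementation): it builds the RFC 4034 section 6 canonical form over a constructed A RRset, hashes it with SHA-256, and compares a cached token with a server-side one. It assumes the TTL is left out of the hash, because a cache only holds a decremented TTL, and that the RDATA carries no embedded names.

```python
import hashlib
import socket
import struct

# Constructed sample RRset: example.com. IN A with two RFC 5737 documentation addresses
TYPE_A, CLASS_IN = 1, 1
SAMPLE_RDATAS = [socket.inet_aton("192.0.2.2"), socket.inet_aton("192.0.2.1")]

def name_to_wire(name: str) -> bytes:
    """Owner name in wire format with every label lowercased (RFC 4034 section 6.2)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            raw = label.lower().encode("ascii")
            out += bytes([len(raw)]) + raw
    return out + b"\x00"

def canonical_rr(owner: str, rtype: int, rclass: int, rdata: bytes) -> bytes:
    """Canonical wire form of one RR: owner | type | class | rdlength | rdata.
    The TTL is deliberately omitted (assumption: a cache only knows the
    decremented TTL; RRSIG sidesteps this by carrying the original TTL).
    Names embedded in RDATA (NS, MX, ...) would also need lowercasing;
    the A records used here contain none."""
    return name_to_wire(owner) + struct.pack("!HHH", rtype, rclass, len(rdata)) + rdata

def rrset_token(owner: str, rtype: int, rclass: int, rdatas: list) -> str:
    """Freshness token for one (qname, type): SHA-256 over the RRs in canonical order.
    sorted() on bytes yields the RFC 4034 section 6.3 order (unsigned octets,
    shorter prefix first), so the token does not depend on arrival order."""
    digest = hashlib.sha256()
    for rd in sorted(rdatas):
        digest.update(canonical_rr(owner, rtype, rclass, rd))
    return digest.hexdigest()

def needs_refresh(cached_token: str, server_token: str) -> bool:
    """The client would send cached_token; the server answers with its current one."""
    return cached_token != server_token

if __name__ == "__main__":
    cached = rrset_token("example.com.", TYPE_A, CLASS_IN, SAMPLE_RDATAS)
    same = rrset_token("EXAMPLE.COM.", TYPE_A, CLASS_IN, list(reversed(SAMPLE_RDATAS)))
    print("stable under case and record order:", not needs_refresh(cached, same))
```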