On Sep 7, 2023, at 19:28, Mark Andrews <ma...@isc.org> wrote: > > > > The server shouldn’t be caching the RRset and it’s RRSIGs unless they validate > successfully. This is a requirement of DNSSEC. This is also why recursive > servers need to validate responses so that garbage is not cached.
Ah, so just the QNAME is remembered in the negative cache ? And the TTL of RRSIG is irrelevant because the record was thrown away. I understand now. Thanks for the clarification. Perhaps this clarification would be useful for the document ? Paul _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
