> That's cache poisoning.  Search for "Eugene Kashpureff" to learn all
> about it.

There is a relation in the sense that checking RRs for relevance to the
query is mentioned as a partial defense against cache poisoning in RFC
3833, section 2.3.

Note however some differences:

1. Caching of unrequested RRs would actually be fine, if they are
properly signed. At worst, a resolver would cache irrelevant records.

2. It is the usage of irrelevant records by the application which is
causing the problem. You could reproduce this problem without any
caches involved.

The confusion seems to arise in RFC 1034, section 5.3.3, which states:

> a. if the response answers the question or contains a name
>    error, cache the data as well as returning it back to
>    the client.

But what exactly "the data" is (or, going with RFC 3833, how
"relevance" is determined) does not seem to be specified anywhere, at
least not in rigorous algorithmic form.

Best regards,

- Thomas
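
One way to make "relevance" concrete for the answer section, as an added example that is not part of the original message: keep only RRs owned by the query name or by a name reached from it through CNAMEs in the same response, and drop everything else before an application uses it. The rule itself, the function names and the sample records are assumptions of this example, not text from RFC 1034 or RFC 3833.

```python
# Added illustration: one possible "relevance" rule for the answer section.
# Records are constructed (owner, rtype, rdata) tuples, not parsed wire data.

def norm(name):
    """DNS names compare case-insensitively; ignore the trailing dot."""
    return name.rstrip(".").lower()

def relevant_answers(qname, qtype, answer_rrs, max_chain=8):
    """Return (kept, dropped).

    An RR is kept if its owner is QNAME, or a name reached from QNAME by
    following CNAMEs found in this same response, and its type is QTYPE
    or it is the CNAME that forms the chain. Everything else is dropped.
    """
    current = norm(qname)
    kept, seen = [], set()
    for _ in range(max_chain + 1):
        if current in seen:              # CNAME loop: stop following
            break
        seen.add(current)
        owned = [rr for rr in answer_rrs if norm(rr[0]) == current]
        kept += [rr for rr in owned if rr[1] == qtype]
        cnames = [rr for rr in owned if rr[1] == "CNAME"]
        # A CNAME query is answered by the CNAME itself; more than one
        # CNAME at the same owner is invalid, so the chain is not followed.
        if qtype == "CNAME" or len(cnames) != 1:
            break
        kept.append(cnames[0])
        current = norm(cnames[0][2])
    dropped = [rr for rr in answer_rrs if rr not in kept]
    return kept, dropped

# Constructed sample response to the query "www.example.com. A".
SAMPLE_ANSWER = [
    ("www.example.com.", "CNAME", "host.example.net."),
    ("host.example.net.", "A", "192.0.2.10"),
    ("login.example.org.", "A", "203.0.113.66"),   # not asked for
]

if __name__ == "__main__":
    kept, dropped = relevant_answers("WWW.example.com", "A", SAMPLE_ANSWER)
    for rr in kept:
        print("use ", rr)
    for rr in dropped:
        print("drop", rr)
```

The filter runs in whatever consumes the response, so it applies with or without a cache in the path.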


_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
