On 18/03/2025 10.21, Philip Homburg wrote:
> I-D.fujiwara-dnsop-resolver-update has the following:
> - Separate the cache into "authoritative data cache" and "delegation cache".
>
> This suggests to me that a serious mismatch between parent and child will
> also cause problems. Maybe I missed something.

Yes, I don't think it's even possible to completely solve on the resolver side. But the parent-only approach would be more predictable. Every (conforming) resolver would see the same NS set, modulo TTL expiration.

Because it wouldn't depend on whether it has fetched a child NS *and* from a "correct" child auth.  (Say, if you forgot a wrong server in the parent, I assume that server may very well serve you a wrong NS rrset.)

--Vladimir | knot-resolver.cz
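
A toy model of the predictability argument in the message above, added here as an illustration; it is not code from the thread, the draft, or any resolver. All names and zone data are constructed, and it assumes a child-centric resolver refreshes by asking one server from its currently cached NS set.

```python
# Constructed toy model: every name and RRset below is hypothetical.
PARENT_NS = frozenset({"ns1.example.", "ns2.example.", "old.example."})

# Apex NS RRset each listed server returns for "example. NS".
# "old.example." is the server that was forgotten in the parent delegation.
CHILD_NS = {
    "ns1.example.": frozenset({"ns1.example.", "ns2.example."}),
    "ns2.example.": frozenset({"ns1.example.", "ns2.example."}),
    "old.example.": frozenset({"old.example."}),
}


def parent_only_views():
    """NS sets a resolver can hold if it uses only the delegation."""
    return {PARENT_NS}


def child_centric_views(max_refreshes=5):
    """NS sets reachable when the child NS RRset replaces the delegation.

    Each refresh asks one server from the currently cached set and adopts
    whatever apex NS RRset that server returns (assumed behaviour).
    """
    reachable = set()
    frontier = {PARENT_NS}
    for _ in range(max_refreshes):
        next_frontier = set()
        for ns_set in frontier:
            for server in ns_set:
                answer = CHILD_NS.get(server)
                if answer is not None and answer not in reachable:
                    reachable.add(answer)
                    next_frontier.add(answer)
        frontier = next_frontier
    return reachable


def sticky_sets(views):
    """Views that never change again: every listed server returns the same set."""
    return {v for v in views if all(CHILD_NS.get(s) == v for s in v)}


if __name__ == "__main__":
    print("parent-only views:  ", parent_only_views())
    print("child-centric views:", child_centric_views())
    print("self-perpetuating:  ", sticky_sets(child_centric_views()))
```

In this model the parent-only resolver has exactly one possible view, while the child-centric one has two, and whichever it lands on first is self-perpetuating.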