Status Quo is good for ipv4 to ipv6 migration.
Totally agree with william on PUSH/PULL.
1. Hotest internet service's RDATA always exists in recursive dns cache,
PUSH is not speed up much except hit-miss. ( recursive -> authority )
2. clients known what they want, PULL & prefething is Ockham's R
joel jaeggli 于2016年4月1日周五 上午2:35写道:
>
> >
> > > 2) baidu dns hijack(2010):
> > >
> >
> http://www.zdnet.com/article/baidu-dns-records-hijacked-by-iranian-cyber-army/
> >
> > This paper says it was purely social engineering on the registrar. No
> > change in the DNS would help.
> >
Stephane Bortzmeyer 于2016年3月29日周二 下午9:48写道:
> On Mon, Mar 28, 2016 at 05:38:01AM +,
> abby pan wrote
> a message of 246 lines which said:
>
> > 1) baofeng recursive ddos attack(2009):
> > http://www.pcworld.com/article/165319/article.html
>
> A more technica
Thanks a lot for Stephane's comments, we will give more explanations in
next version, :-)
Some backgroud information as follows:
Stephane Bortzmeyer 于2016年3月25日周五 下午10:44写道:
>
> I've read it, noticed that it is not just a documentation of local
> practices but it wants to be published as BCP, an
Mark Andrews 于2016年3月14日周一 下午12:01写道:
>
> > another choice : Authority Server return NODATA/NXDOMAIN as nxdomain
> cut,
> > but no change on DNS cache. Some impact on NSEC/NSEC3 records.
> >
> > - no names under foo.example => NXDOMAIN at foo.example
>
> If you want to signal NOERROR + bottom
Ted Lemon 于2016年3月11日周五 下午12:26写道:
>
> I think this document could be made a lot simpler if it simply said what
> it says in the abstract, without placing new requirements on DNS caches.
> Right now it says DNS caches SHOULD take an NXDOMAIN on a particular
> domain as applying to all names under
root zone size is much smaller than TLD, and RR has long ttl.
NSEC is satisfied.
Warren Kumari 于2016年2月25日周四 下午12:58写道:
> Dear DNSOP,
>
> We have recently updated "Believing NSEC records in the DNS root" (
> https://tools.ietf.org/html/draft-wkumari-dnsop-cheese-shop-01).
>
> This incorporates s
