[dns-operations] .ORG is signed

Chris Thompson cet1 at cam.ac.uk
Fri Jun 5 11:45:48 UTC 2009

I observed some odd effects while trying to validate .ORG zone entries,
which I eventually realised were due to the authoritative nameservers
returning SOA (and RRSIG for SOA, if present) RRs in the authority
section for NXDOMAIN and "NODATA" responses with a TTL of zero. That
is, they are disabling caching of negative responses. 

This happens whether the DO bit is set in the request or not. Was it
happening before the zone was signed? It seems more than a little
unfriendly! (especially now it is expensive to validate them)

Chris Thompson               University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk    New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715       United Kingdom.

More information about the dns-operations mailing list