[dns-operations] IPv6 & IPv4 addresses

Edward Lewis Ed.Lewis at neustar.biz
Thu Mar 17 18:00:07 UTC 2011

At 17:12 +0000 3/17/11, George Barwood wrote:

>Err.. I don't see how it violates that, certainly not on the
>authoritative server side.

Authoritative servers don't have negative caches.  The idea that a 
negative answer can be used to infer the absence of another type is 
contrary to what is written in RFC 2308.

>A server can put whatever it fancies in the additional section if it feels
>it is helpful.

There are no rules barring the introduction of data in a response 
message.  The rules only specify what has to be there.  So, the above 
is true.

>On the resolver side, making use of the NSEC information for related queries
>is more controversial, in view of the last section of RFC 4035 section 4.5
>The language here is quite tentative though, leaving room for interpretation.
>There would be questions as to how long the negative information can be
>cached. That's normally taken from the SOA record.

In the text I see it saying "well, you could think of synthesizing 
negative answers but it's not a wise thing to do, servers that avoid 
doing this will be better off."  That's my boiling each sentence into 
a fragment and stringing it together in less formal language.  And 
that is consistent with RFC 2308's language.

>The problem I see (apart from the RFC section above) is that the changes to
>resolvers to take advantage of the NSEC info would be relatively complex.

...and then all we have to do is change (all of) the deployed 
software to make the problem go away.

Edward Lewis
NeuStar                    You can leave a voice message at +1-571-434-5468

Me to infant son: "Waah! Waah! Is that all you can say?  Waah?"
Son: "Waah!"
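
Added example, not part of the original message: a minimal resolver-side negative cache following RFC 2308 section 5, where a NODATA answer is stored per <QNAME, QTYPE, QCLASS>, NXDOMAIN per <QNAME, QCLASS>, and the lifetime is the lesser of the SOA TTL and the SOA MINIMUM field. The class and function names and the sample names are constructed for illustration.

```python
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Soa:
    ttl: int      # TTL of the SOA record in the authority section
    minimum: int  # SOA MINIMUM field


def negative_ttl(soa):
    # RFC 2308 section 5: negative TTL = min(SOA TTL, SOA MINIMUM).
    return min(soa.ttl, soa.minimum)


def _norm(qname):
    # DNS names compare case-insensitively; ignore the trailing dot.
    return qname.rstrip(".").lower()


class NegativeCache:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._expiry = {}  # (name, qtype or None, qclass) -> expiry time

    def store_nodata(self, qname, qtype, qclass, soa):
        # NODATA says only that this one type is absent at the name.
        key = (_norm(qname), qtype, qclass)
        self._expiry[key] = self._clock() + negative_ttl(soa)

    def store_nxdomain(self, qname, qclass, soa):
        # NXDOMAIN covers every type at the name, so the key has no type.
        key = (_norm(qname), None, qclass)
        self._expiry[key] = self._clock() + negative_ttl(soa)

    def is_negative(self, qname, qtype, qclass="IN"):
        name, now = _norm(qname), self._clock()
        for key in ((name, qtype, qclass), (name, None, qclass)):
            expiry = self._expiry.get(key)
            if expiry is None:
                continue
            if now < expiry:
                return True
            del self._expiry[key]  # entry has expired
        return False
```

With this keying, a cached NODATA for AAAA never answers a later A query for the same name; only an NXDOMAIN entry does.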
