[dns-operations] IPv6 & IPv4 addresses
Edward Lewis
Ed.Lewis at neustar.biz
Thu Mar 17 18:00:07 UTC 2011
At 17:12 +0000 3/17/11, George Barwood wrote:
>Err.. I don't see how it violates that, certainly not on the
>authoritative server side.
Authoritative servers don't have negative caches. The idea that a
negative answer can be used to infer the absence of another type is
contrary to what is written in RFC 2308.
>A server can put whatever it fancies in the additional section if it feels
>it is helpful.
There are no rules barring the introduction of data in a response
message. The rules only specify what has to be there. So, the above
is true.
>On the resolver side, making use of the NSEC information for related queries
>is more controversial, in view of the last section of rfc4035 section 4.5
...
>The language here is quite tentative though, leaving room for interpretation.
>There would be questions as to how long the negative information can be
>cached. That's normally taken from the SOA record.
In the text I see it saying "well, you could think of synthesizing
negative answers but it's not a wise thing to do, servers that avoid
doing this will be better off." That's my boiling each sentence into
a fragment and stringing it together in less formal language. And
that is consistent with RFC 2308's language.
>The problem I see (apart from the rfc section above) is that the changes to
>resolvers to take advantage of the NSEC info would be relatively complex.
...and then all we have to do is change (all of) the deployed
software to make the problem go away.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis
NeuStar You can leave a voice message at +1-571-434-5468
Me to infant son: "Waah! Waah! Is that all you can say? Waah?"
Son: "Waah!"
More information about the dns-operations
mailing list