[dns-operations] IPv6 & IPv4 addresses
Simon Munton
Simon.Munton at communitydns.net
Fri Mar 18 10:00:56 UTC 2011
> dig A www.emsv.co.uk. +dnssec @a.ns.emsv.co.uk
I quite like that - putting the AAAA & NSEC/NSEC3 in the ADDITIONAL
SECTION makes a lot of sense and (surely) violates nothing. Although the
resolver wouldn't know the AA flag also applies to the ADDITIONAL data
and so should really treat it as GLUE and re-query for it anyway.
Also, currently the resolver simply fires off a series of A & AAAA
queries 0.0001ms apart - with that technique they'd have to wait for the
reply to the first before firing off the second, so it would slow things
where the authority doesn't have this feature.
On 17/03/2011 18:00, Edward Lewis wrote:
> The idea that a negative answer can be used to infer the absence of
> another type is contrary to what is written in RFC 2308.
I don't see that - RFC2308 simply says you should cache previous NODATA
answers, it doesn't say you can't use NSEC/NSEC3 records to prove other
RRs also don't exist without specifically querying for them.
If the NSEC/NSEC3 has the same TTL as the EXPIRY then wouldn't this
be safe?
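
The inference discussed in this message, as an added example that is not part of the original post: decoding an NSEC Type Bit Maps field (RFC 4034, section 4.1.2) to check whether a type such as AAAA is absent at a name. The name `www.example.`, the sample bitmap and the function names are constructed for illustration, and the NSEC is assumed to have been DNSSEC-validated already.

```python
# Added example: infer "no AAAA here" from a validated NSEC type bitmap.
TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_SOA = 1, 2, 5, 6
TYPE_AAAA, TYPE_RRSIG, TYPE_NSEC = 28, 46, 47

def encode_type_bitmap(types):
    """Build the wire-format bitmap; used here only to construct sample data."""
    windows = {}
    for t in types:
        bits = windows.setdefault(t >> 8, bytearray(32))
        bits[(t & 0xFF) >> 3] |= 0x80 >> (t & 7)   # bit 0 is the MSB
    out = b""
    for win in sorted(windows):
        bitmap = bytes(windows[win]).rstrip(b"\x00")  # drop trailing zero octets
        out += bytes([win, len(bitmap)]) + bitmap
    return out

def decode_type_bitmap(data):
    """Return the set of RR types present at the NSEC owner name."""
    types, pos, last_win = set(), 0, -1
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated window header")
        win, length = data[pos], data[pos + 1]
        pos += 2
        if not 1 <= length <= 32 or win <= last_win or pos + length > len(data):
            raise ValueError("malformed type bitmap")
        for i, octet in enumerate(data[pos:pos + length]):
            for bit in range(8):
                if octet & (0x80 >> bit):
                    types.add((win << 8) | (i << 3) | bit)
        pos, last_win = pos + length, win
    return types

def nodata_from_nsec(qname, qtype, nsec_owner, bitmap):
    """True if this NSEC shows qname exists but has no RRset of qtype.
    Assumption: the caller has already validated the NSEC's RRSIG."""
    if qname.lower().rstrip(".") != nsec_owner.lower().rstrip("."):
        return False          # an NSEC at another owner proves nothing here
    present = decode_type_bitmap(bitmap)
    if TYPE_CNAME in present:
        return False          # the answer would be the CNAME, not NODATA
    if TYPE_NS in present and TYPE_SOA not in present:
        return False          # parent-side NSEC at a delegation point
    return qtype not in present

# Constructed sample: a name holding only A, RRSIG and NSEC.
SAMPLE = encode_type_bitmap({TYPE_A, TYPE_RRSIG, TYPE_NSEC})
if __name__ == "__main__":
    print(nodata_from_nsec("www.example.", TYPE_AAAA, "www.example.", SAMPLE))
```

A cache that acts on this result should hold the inference no longer than the NSEC record itself stays valid in the cache.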