[dns-operations] IPv6 & IPv4 addresses
marka at isc.org
Sat Mar 19 00:28:38 UTC 2011
In message <firstname.lastname@example.org>, Edward Lewis writes:
> At 10:00 +0000 3/18/11, Simon Munton wrote:
> >On 17/03/2011 18:00, Edward Lewis wrote:
> >> The idea that a negative answer can be used to infer the absence of
> >> another type is contrary to what is written in RFC 2308.
> >I don't see that - RFC2308 simply says you should cache previous NODATA
> >answers, it doesn't say you can't use NSEC/NSEC3 records to prove other RRs
> >also don't exist without specifically querying for them.
> The spec says that negative answers are cached by the query, not in a
> tree of data like the positive cache. Caching by query means not
> inferring from one query to the next (different one).
Positive data is also cached by <qname,qtype,qclass>. Whether you use
a tree, hash table or some other structure is up to the implementation.
> >If the NSEC/NSEC3 has the same TTL as the EXPIRY then wouldn't this
> >be safe?
> Because 1) the cache is not supposed to make statements (i.e.,
> inferring from one query to another) that should be handled by the
> authority, 2) the zone at the authority may not be static (which may
> make an inference wrong), 3) the sender of the message assumes RFC
> 2308 compliance and crafts responses accordingly.
RFC 2308 preserved the DNSSEC RFCs decision to not infer other
> Edward Lewis
> NeuStar You can leave a voice message at +1-571-434-5468
> Me to infant son: "Waah! Waah! Is that all you can say? Waah?"
> Son: "Waah!"
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
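
The two behaviours debated in this thread, as an added example that is not part of the original message: a negative cache keyed strictly by <qname,qtype,qclass>, next to the inference of NODATA from an NSEC type bitmap. The class and function names and the www.example.com sample data are constructed for illustration.

```python
import time

class NegativeCache:
    """NODATA answers cached per query tuple (qname, qtype, qclass)."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._expiry = {}  # (qname, qtype, qclass) -> absolute expiry time

    @staticmethod
    def _key(qname, qtype, qclass):
        # DNS names compare case-insensitively; ignore the trailing root dot.
        return (qname.rstrip(".").lower(), qtype.upper(), qclass.upper())

    def store_nodata(self, qname, qtype, ttl, qclass="IN"):
        self._expiry[self._key(qname, qtype, qclass)] = self._clock() + ttl

    def lookup(self, qname, qtype, qclass="IN"):
        """'NODATA' only if this exact query was answered negatively and is unexpired."""
        key = self._key(qname, qtype, qclass)
        expiry = self._expiry.get(key)
        if expiry is None:
            return "MISS"
        if self._clock() >= expiry:
            del self._expiry[key]  # negative TTL ran out; must re-query
            return "MISS"
        return "NODATA"

def nsec_infers_nodata(nsec_owner, type_bitmap, qname, qtype):
    """The inference under debate: qtype is missing from the NSEC bitmap at qname."""
    same_owner = nsec_owner.rstrip(".").lower() == qname.rstrip(".").lower()
    return same_owner and qtype.upper() not in {t.upper() for t in type_bitmap}

def demo():
    now = [0.0]  # fake clock so expiry is deterministic
    cache = NegativeCache(clock=lambda: now[0])
    # Constructed sample: AAAA query for www.example.com answered NODATA,
    # with an NSEC record whose type bitmap lists A, RRSIG and NSEC.
    bitmap = ["A", "RRSIG", "NSEC"]
    cache.store_nodata("www.example.com.", "AAAA", ttl=300)
    out = {
        "aaaa": cache.lookup("WWW.Example.com", "AAAA"),
        "mx_per_query": cache.lookup("www.example.com", "MX"),
        "mx_inferred": nsec_infers_nodata("www.example.com.", bitmap, "www.example.com", "MX"),
    }
    now[0] = 301.0  # past the 300 s negative TTL
    out["aaaa_after_ttl"] = cache.lookup("www.example.com", "AAAA")
    return out
```

The per-query cache answers only the AAAA query it saw and forces a fresh query for MX, while the bitmap inference would answer MX from the same NSEC record without asking the authority.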