[dns-operations] root? we don't need no stinkin' root!

Florian Weimer fw at deneb.enyo.de
Tue Nov 26 11:01:47 UTC 2019


* Jim Reid:

>> On 26 Nov 2019, at 09:16, Florian Weimer <fw at deneb.enyo.de> wrote:
>> 
>> Up until recently, well-behaved recursive resolvers had to forward
>> queries to the root if they were not already covered by a delegation.
>> RFC 7816 and in particular RFC 8198 changed that, but before that, it
>> was just how the protocol was expected to work.
>
> So what? These RFCs make very little difference to the volume of
> queries a resolving server will send to the root. QNAME minimisation
> has no impact at all: the root just sees a query for .com instead of
> foobar.com.

QNAME minimization allows a resolver to blacklist (say) the CORP
subtree, based on the NXDOMAIN response for CORP.  If the full query
is sent to the root, it is only possible to cache the NXDOMAIN for the
exact QNAME, and not its siblings.  (This assumes that the root deals
with empty non-terminals in the expected way, but that seems to be a
reasonable assumption for the root zone.)
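The caching difference described in the message above, as an added example that is not part of the original post. It is a toy model of only the resolver-to-root step; the TLD set, the query names and the `Resolver` class are constructed for illustration, and the root is assumed to have no empty non-terminals.

```python
# Constructed sample data: TLDs the toy root delegates, and client queries.
ROOT_TLDS = {"com", "org", "net"}
SAMPLE_QUERIES = ["wpad.corp", "mail.corp", "intranet.hq.corp", "www.example.com"]


def labels(name):
    return name.rstrip(".").lower().split(".")


class Resolver:
    """Models what a resolver sends to the root and what it can cache."""

    def __init__(self, minimise):
        self.minimise = minimise
        self.nx_cache = set()     # names the root answered NXDOMAIN for
        self.root_queries = []    # QNAMEs the root actually saw

    def _ask_root(self, qname):
        self.root_queries.append(qname)
        return "REFERRAL" if labels(qname)[-1] in ROOT_TLDS else "NXDOMAIN"

    def _covered(self, name):
        # A cached NXDOMAIN covers the name itself and everything beneath it.
        # It never covers siblings of the cached name.
        parts = labels(name)
        return any(".".join(parts[i:]) in self.nx_cache
                   for i in range(len(parts)))

    def resolve(self, name):
        if self._covered(name):
            return "NXDOMAIN (cached)"
        # With QNAME minimisation the root only sees the TLD label.
        parts = labels(name)
        qname = parts[-1] if self.minimise else ".".join(parts)
        rcode = self._ask_root(qname)
        if rcode == "NXDOMAIN":
            self.nx_cache.add(qname)
        return rcode


def root_traffic(minimise):
    """Return the list of QNAMEs sent to the root for SAMPLE_QUERIES."""
    r = Resolver(minimise)
    for name in SAMPLE_QUERIES:
        r.resolve(name)
    return r.root_queries


if __name__ == "__main__":
    print("minimised:  ", root_traffic(True))
    print("full QNAME: ", root_traffic(False))
```

With minimisation the single NXDOMAIN for `corp` suppresses every later query under that label; with full QNAMEs each distinct name under `corp` reaches the root and exposes the internal hostname.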


