Re: [dnsext] Fwd: RFC 2308 & RFC 4035

"W.C.A. Wijngaards" <wouter@nlnetlabs.nl> Sat, 26 February 2011 08:05 UTC

Hi Ed,

On 02/25/2011 08:41 PM, Edward Lewis wrote:
> I have a question referring to two sections in two RFCs, prompted by the
> resimprove draft.

> Let's say this happens:
> 
> at 10am a cache receives a response to a query for example.tld./IN/A
> that says
> 
> example.tld.   3600    NSEC3   a.example.tld.  SOA NS DNSKEY RRSIG NSEC
> 
> at 10:15am the cache gets a query for example.tld./IN/AAAA.
> 
> Should the cache reply with a NoData response or should it try to query
> for the AAAA?

I think they should use the passage quoted by George.  NSECs are used
for exactly the qname,qtype,qclass that solicited them (NODATA and
NXDOMAIN).

> If the answer to the previous is "it should rely on the cached NSEC:"
> What if I said that at 10:10am, the authority was updated with a new
> zone that had an AAAA RRset at the apex?

From an efficiency point, using cached NSECs helps; but for caches the
nxdomain and nodata traffic is a lot smaller than e.g. for roots.

Best regards,
   Wouter
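
Added example, not part of the original message or of any resolver's code: a toy replay of the 10:00 / 10:10 / 10:15 timeline from the thread, comparing a negative cache keyed on the exact (qname, qtype, qclass) with one that reuses the cached type bitmap for other qtypes. The `Authority` and `Cache` classes and every name in them are hypothetical; DNSSEC validation and NSEC3 hashing are left out.

```python
from dataclasses import dataclass, field

BITMAP = frozenset({"SOA", "NS", "DNSKEY", "RRSIG", "NSEC"})  # type bitmap from the thread
TTL = 3600                                                     # TTL from the thread

@dataclass
class Authority:
    """Constructed stand-in for the authoritative server: name -> types present."""
    zone: dict
    def query(self, qname, qtype):
        types = self.zone.get(qname, frozenset())
        return ("ANSWER", None) if qtype in types else ("NODATA", frozenset(types))

@dataclass
class Cache:
    upstream: Authority
    aggressive: bool                               # True: reuse a cached bitmap for other qtypes
    negative: dict = field(default_factory=dict)   # (qname, qtype, qclass) -> expiry
    bitmaps: dict = field(default_factory=dict)    # qname -> (bitmap, expiry)
    upstream_queries: int = 0

    def resolve(self, qname, qtype, now, qclass="IN"):
        key = (qname, qtype, qclass)
        if self.negative.get(key, 0) > now:
            return "NODATA (cached for this exact query)"
        if self.aggressive and qname in self.bitmaps:
            bitmap, expiry = self.bitmaps[qname]
            if expiry > now and qtype not in bitmap:
                return "NODATA (synthesized from cached bitmap)"
        self.upstream_queries += 1
        rcode, bitmap = self.upstream.query(qname, qtype)
        if rcode == "NODATA":
            self.negative[key] = now + TTL
            self.bitmaps[qname] = (bitmap, now + TTL)
        return rcode + " (from authority)"

def timeline(aggressive):
    """Replay 10:00 A query, 10:10 zone update, 10:15 AAAA query (seconds since midnight)."""
    auth = Authority({"example.tld.": BITMAP})
    cache = Cache(auth, aggressive)
    first = cache.resolve("example.tld.", "A", now=10 * 3600)
    auth.zone["example.tld."] = BITMAP | {"AAAA"}   # 10:10: AAAA RRset added at the apex
    second = cache.resolve("example.tld.", "AAAA", now=10 * 3600 + 900)
    return first, second, cache.upstream_queries

if __name__ == "__main__":
    print("exact-match cache:  ", timeline(aggressive=False))
    print("bitmap-reuse cache: ", timeline(aggressive=True))
```

The exact-match cache spends a second upstream query and sees the new AAAA RRset; the bitmap-reuse cache saves that query and keeps answering NODATA until the cached record's TTL runs out.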