Re: [DNSOP] Using NSEC authoritatively - cutting down on NXD requests...
Paul Vixie <paul@redbarn.org> Tue, 27 October 2015 09:09 UTC
From: Paul Vixie <paul@redbarn.org>
To: dnsop@ietf.org
Date: Tue, 27 Oct 2015 02:09:48 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/rCVj3mLn7cjnqJqKQfXkh_qmpQo>
Cc: Bob Harold <rharolde@umich.edu>

On Tuesday, October 27, 2015 09:16:26 AM Stephane Bortzmeyer wrote:
> On Mon, Oct 26, 2015 at 09:36:10AM -0400,
> Bob Harold <rharolde@umich.edu> wrote
> > a message of 80 lines which said:
>
> > vixie-dnsext-resimprove addresses the case where a single name
> > 'b.example' and everything below it do not exist, found by a query
> > for 'b.example'.
>
> Or a query for something.b.example, which received a NXDOMAIN reply,
> together with a SOA of example, no?

no. it's a nice idea, but not every label sits on a zone boundary. so if the qname is for a.b.example and the query was sent to the authority for example and an nxdomain comes back with an soa for example, you still don't know whether b.example exists. nxdomain is about the qname, or the name at the end of a cname chain reached through the qname.

-- 
P Vixie
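
The point made in the message above, as an added illustration that is not part of the original e-mail or of any resolver's code: a toy authority for `example` returns the same NXDOMAIN for `a.b.example` whether or not `b.example` exists in the zone. The zone contents and the function names (`exists`, `answer`, `naive_cut`) are constructed for this example, and wildcards and CNAMEs are ignored.

```python
# Toy model of the authority for the zone "example" (constructed data, not real DNS).
SOA_OWNER = "example"

def exists(zone_names, name):
    """A name exists if it owns records or is an empty non-terminal,
    i.e. some owner name in the zone lies beneath it."""
    return any(n == name or n.endswith("." + name) for n in zone_names)

def answer(zone_names, qname):
    """Return (rcode, soa_owner) as seen by a resolver querying this authority."""
    if exists(zone_names, qname):
        return ("NOERROR", SOA_OWNER)   # data or NODATA: the name exists
    return ("NXDOMAIN", SOA_OWNER)      # statement about qname only

def naive_cut(rcode, soa_owner, qname):
    """The inference rejected in the message: on NXDOMAIN, assume every name
    between the SOA owner and the qname is nonexistent too.
    Returns the names such a resolver would wrongly start suppressing."""
    if rcode != "NXDOMAIN":
        return []
    labels = qname.split(".")
    depth = len(soa_owner.split("."))
    return [".".join(labels[i:]) for i in range(len(labels) - depth)]

# Three constructed versions of the same zone; all labels live in one zone,
# so no delegation (zone boundary) sits at b.example.
ZONE_B_HAS_DATA = {"example", "www.example", "b.example"}
ZONE_B_IS_ENT   = {"example", "www.example", "x.b.example"}  # b.example is an empty non-terminal
ZONE_NO_B       = {"example", "www.example"}

def compare(qname="a.b.example", parent="b.example"):
    """For each zone: the response to qname, and whether parent really exists."""
    rows = {}
    for label, zone in (("data", ZONE_B_HAS_DATA), ("ent", ZONE_B_IS_ENT), ("none", ZONE_NO_B)):
        rcode, soa = answer(zone, qname)
        rows[label] = {
            "response": (rcode, soa),
            "parent_exists": exists(zone, parent),
            "naive_would_suppress": naive_cut(rcode, soa, qname),
        }
    return rows

if __name__ == "__main__":
    for label, row in compare().items():
        print(label, row)
```

All three zones produce the identical response `("NXDOMAIN", "example")` for `a.b.example`, yet `b.example` exists in two of them, so a resolver applying `naive_cut` would suppress a live name.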