section 3.2 of protocol draft
Hello,

I'm rereading the protocol draft again, and I'm wondering about the following
paragraph.

In section 3.2: Recursive Name Servers
2nd paragraph:

   A security-aware recursive name server MUST NOT attempt to answer a
   query by piecing together cached data it received in response to
   previous queries that requested different QNAMEs, QTYPEs, or
   QCLASSes.  A security-aware recursive name server MUST NOT use NSEC
   RRs from one negative response to synthesize a response for a
   different query.  A security-aware recursive name server MUST NOT use
   a previous wildcard expansion to generate a response to a different
   query.

I don't "get" the first sentence. Does that really say "don't use the cache"?
If I'm a cache and I've just validated a DNSKEY in response to another query,
I cannot use that validated DNSKEY?

Furthermore, if this question is answered negatively (a cache can still be used),
I'm wondering why this is put in a protocol draft. Isn't this bordering on
implementation details?

grtz Miek
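The quoted MUST NOTs as an added example, not code from the mail or from the draft: a toy Python cache that answers only on an exact (QNAME, QTYPE, QCLASS) match, shown beside the NSEC-based synthesis the second sentence forbids. The record types, names and the DNSKEY entry are constructed, and the example assumes the rule is read as forbidding synthesis across different queries rather than an exact-tuple cache hit, which is the question the mail raises.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed, simplified record types; real signature validation is out of scope here.
@dataclass(frozen=True)
class Nsec:
    owner: str      # owner name of the NSEC RR
    next_name: str  # next owner name in canonical order

@dataclass
class CachedResponse:
    rcode: str                                 # "NOERROR" or "NXDOMAIN"
    rrset: list = field(default_factory=list)  # answer RRs (e.g. DNSKEY data)
    nsecs: list = field(default_factory=list)  # NSEC RRs from a negative response

class ValidatingCache:
    """Cache keyed on the exact (QNAME, QTYPE, QCLASS) tuple of the query it answered."""
    def __init__(self):
        self._entries = {}

    def store(self, qname, qtype, qclass, response):
        self._entries[(qname.lower(), qtype, qclass)] = response

    def lookup(self, qname, qtype, qclass) -> Optional[CachedResponse]:
        # Only an exact-tuple hit is returned; nothing is pieced together from other entries.
        return self._entries.get((qname.lower(), qtype, qclass))

def canonical_covers(nsec: Nsec, name: str) -> bool:
    # Simplistic ordering check, sufficient for the single-label constructed names below.
    return nsec.owner < name < nsec.next_name

def nsec_synthesis(cache: ValidatingCache, qname, qtype, qclass) -> Optional[CachedResponse]:
    """The shortcut the quoted rule forbids: answer a new query from NSEC RRs cached for another."""
    for resp in cache._entries.values():
        for nsec in resp.nsecs:
            if canonical_covers(nsec, qname.lower()):
                return CachedResponse("NXDOMAIN", nsecs=[nsec])
    return None

def demo():
    cache = ValidatingCache()
    # Constructed data: a validated DNSKEY answer and a validated NXDOMAIN for b.example.
    cache.store("example.", "DNSKEY", "IN", CachedResponse("NOERROR", rrset=["<key data>"]))
    cache.store("b.example.", "A", "IN",
                CachedResponse("NXDOMAIN", nsecs=[Nsec("a.example.", "d.example.")]))
    return {
        "dnskey_exact": cache.lookup("example.", "DNSKEY", "IN"),        # same tuple: hit
        "a_different_qtype": cache.lookup("example.", "A", "IN"),       # other QTYPE: miss
        "c_compliant": cache.lookup("c.example.", "A", "IN"),           # miss: query upstream
        "c_synthesized": nsec_synthesis(cache, "c.example.", "A", "IN"),  # forbidden answer
    }
```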

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>