[dns-wg] TLD delegation trade-offs
- Previous message (by thread): [dns-wg] TLD delegation trade-offs
- Next message (by thread): [dns-wg] 6 replies to one thread in a day
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Edward Lewis
Ed.Lewis at neustar.biz
Tue Jun 7 18:06:13 CEST 2005
At 15:55 +0000 6/7/05, bmanning at vacation.karoshi.com wrote: >On Tue, Jun 07, 2005 at 11:50:39AM -0400, Edward Lewis wrote: >> At 15:47 +0000 6/7/05, bmanning at vacation.karoshi.com wrote: >> >> > just for grins... how would DNSSEC "bend" around this >> > supporting girder (or crutch if you prefer). >> >> Having to know not to give up when seeing an unsigned answer coming >> from a cache, treating this as a referral message and not a bogus > > so... get back the unsigned rrset (glue) - then treat > as a referal & attempt to validate down its delegation chain...??? A validator would need to know to do this. Look at the reply to the dig I suggested. Is it a reply? Is it a referral? If I recall correctly, BIND treats it as a reply and ceases the iteration, caching the answer as a less credible piece of data than had the AA bit been turned on. My point is, if the resolver sees this and judges it to be a reply, instead of tossing it and trying the query again the resolver needs to slip this into the "it's a referral" queue. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis +1-571-434-5468 NeuStar If you knew what I was thinking, you'd understand what I was saying.
- Previous message (by thread): [dns-wg] TLD delegation trade-offs
- Next message (by thread): [dns-wg] 6 replies to one thread in a day
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]