[dns-wg] What about the last mile, was: getting DNSSEC deployed
- Previous message (by thread): [dns-wg] What about the last mile, was: getting DNSSEC deployed
- Next message (by thread): [dns-wg] Re: What about the last mile, was: getting DNSSEC deployed
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Lutz Donnerhacke
lutz at iks-jena.de
Fri Feb 16 11:29:41 CET 2007
* Peter Koch wrote: > b) you have and use an implementation, that -- in violation of the DNSSEC > specification -- applies "aggressive negative caching"? Of course, it's a slightly modified bind. What's wrong with using the NSEC data for negative caching? Example: Q: avalon.iks-jena.de. AAAA [query the authoritive] A: avalon NSEC awstats.iks-jena.de. A MX TXT LOC SSHFP RRSIG NSEC Q: avalon.iks-jena.de. HINFO A: avalon NSEC awstats.iks-jena.de. A MX TXT LOC SSHFP RRSIG NSEC Q: avatar.iks-jena.de. A A: avalon NSEC awstats.iks-jena.de. A MX TXT LOC SSHFP RRSIG NSEC I do _not_ extent the lifetime of the NSEC over the TTL based on the RRSIG end date.
- Previous message (by thread): [dns-wg] What about the last mile, was: getting DNSSEC deployed
- Next message (by thread): [dns-wg] Re: What about the last mile, was: getting DNSSEC deployed
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]