This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[dns-wg] What about the last mile, was: getting DNSSEC deployed
- Previous message (by thread): [dns-wg] What about the last mile, was: getting DNSSEC deployed
- Next message (by thread): [dns-wg] Re: What about the last mile, was: getting DNSSEC deployed
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Lutz Donnerhacke
lutz at iks-jena.de
Fri Feb 16 11:29:41 CET 2007
* Peter Koch wrote: > b) you have and use an implementation, that -- in violation of the DNSSEC > specification -- applies "aggressive negative caching"? Of course, it's a slightly modified bind. What's wrong with using the NSEC data for negative caching? Example: Q: avalon.iks-jena.de. AAAA [query the authoritive] A: avalon NSEC awstats.iks-jena.de. A MX TXT LOC SSHFP RRSIG NSEC Q: avalon.iks-jena.de. HINFO A: avalon NSEC awstats.iks-jena.de. A MX TXT LOC SSHFP RRSIG NSEC Q: avatar.iks-jena.de. A A: avalon NSEC awstats.iks-jena.de. A MX TXT LOC SSHFP RRSIG NSEC I do _not_ extent the lifetime of the NSEC over the TTL based on the RRSIG end date.
- Previous message (by thread): [dns-wg] What about the last mile, was: getting DNSSEC deployed
- Next message (by thread): [dns-wg] Re: What about the last mile, was: getting DNSSEC deployed
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]