To:
Andreas Gustafsson <gson@nominum.com>
CC:
Robert Elz <kre@munnari.OZ.AU>, Andreas Gustafsson <Andreas.Gustafsson@nominum.com>, "D. J. Bernstein" <djb@cr.yp.to>, ngtrans@sunroof.eng.sun.com, namedroppers@ops.ietf.org, ipng@sunroof.eng.sun.com, dnsop@cafax.se
From:
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date:
Sun, 5 Aug 2001 06:53:33 +0859 ()
In-Reply-To:
<200108041536.IAA01336@gulag.araneus.fi> from Andreas Gustafsson at "Aug 4, 2001 08:36:00 am"
Sender:
owner-dnsop@cafax.se
Subject:
Re: Joint DNSEXT & NGTRANS agenda
Andreas;

> > > How?  No-one is suggesting that these records be put in the cache.
> >
> > I have been suggesting that these records be put in a referral-local
> > cache content of which is not used for usual A query nor glue A of
> > other referral points.
>
> I think that's an excellent approach, and one that should be seriously
> considered when designing new resolver implementations.  BIND 8 and 9
> have the concept of a single, global cache too deeply ingrained to be
> changed at this point.

As I have been suggesting it long before BIND 8 or 9, I have no
intention to check them specifically by myself.

But, if they are implemented rationally, the modification would be:

        Add a field of referral point for a cache entry structure.

        Referral point would be null pointer unless it is cached
        from additional A for NS. Otherwise the referral point
        for the NS would be stored.

        Cache entries are matched considering the referral point,
        unless the answer is used for additional A for NS.

        Additional A for NS may use cache entry with null
        referral point.

As all the referral points of a zone share the same glue information,
zone may be used instead of referral point.

I estimate the modification is a lot easier than several generations
of misdirected attempts to obtain the true weak security.

                                                        Masataka Ohta
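
Added example, not part of the original message and not BIND code: a minimal Python sketch of the referral-scoped cache described above, using the zone name as the referral point as the message allows. The class and method names, the sample names and addresses, and the choice to try the scoped entry before the unscoped one are assumptions.

```python
import time

class ReferralScopedCache:
    """A-record cache whose entries carry a referral point (here: a zone name)."""

    def __init__(self, clock=time.monotonic):
        self._entries = {}   # (owner, referral point or None) -> (address, expiry)
        self._clock = clock

    @staticmethod
    def _norm(name):
        return None if name is None else name.rstrip(".").lower()

    def store(self, name, address, ttl, referral=None):
        # referral stays None for ordinary answers; an additional-section A
        # that accompanies an NS referral is stored under the delegated zone.
        key = (self._norm(name), self._norm(referral))
        self._entries[key] = (address, self._clock() + ttl)

    def _get(self, name, referral):
        key = (self._norm(name), self._norm(referral))
        address, expires = self._entries.get(key, (None, 0.0))
        if address is not None and expires <= self._clock():
            del self._entries[key]        # expired: drop it
            return None
        return address

    def lookup_answer(self, name):
        # Ordinary A query: only entries with a null referral point match.
        return self._get(name, None)

    def lookup_ns_address(self, name, referral):
        # Following a referral: glue of this referral point, else an unscoped
        # entry. Trying the scoped entry first is an assumption of this sketch.
        return self._get(name, referral) or self._get(name, None)


def demo():
    cache = ReferralScopedCache()
    # Constructed sample data (documentation addresses, reserved .example names).
    cache.store("ns1.a.example", "192.0.2.53", 3600, referral="a.example")
    cache.store("www.b.example", "192.0.2.99", 3600, referral="a.example")
    cache.store("www.b.example", "198.51.100.7", 3600)   # authoritative answer
    return {
        "glue_in_scope": cache.lookup_ns_address("ns1.a.example", "a.example"),
        "glue_other_referral": cache.lookup_ns_address("ns1.a.example", "b.example"),
        "glue_as_answer": cache.lookup_answer("ns1.a.example"),
        "answer": cache.lookup_answer("www.b.example"),
        "unscoped_for_ns": cache.lookup_ns_address("www.b.example", "b.example"),
    }
```

In `demo()`, the additional A for `www.b.example` received with the `a.example` referral never reaches an ordinary A lookup or another referral point; it is only visible while following the `a.example` referral.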