To:
gson@nominum.com (Andreas Gustafsson)
cc:
ngtrans@sunroof.eng.sun.com, namedroppers@ops.ietf.org, ipng@sunroof.eng.sun.com, dnsop@cafax.se
From:
Greg Hudson <ghudson@MIT.EDU>
Date:
Thu, 02 Aug 2001 02:08:55 -0400
In-Reply-To:
Your message of "Wed, 01 Aug 2001 14:11:23 PDT." <E15S3H1-000NMR-00@psg.com>
Subject:
Re: Joint DNSEXT & NGTRANS agenda
> This time, DJB is correct. When resolving, BIND 8 and 9 do reject > all records that are not within the domain whose authoritative > qservers are being queried. If they did not, we would be seeing > much more cases of cache poisoning that we do now. To be precise: to avoid cache poisoning, out of domain records must not be used for future queries. There is no problem with using them for the purpose of the current query, although that may be considered too complicated to implement.