To:
dnsop@cafax.se
From:
Paul Vixie <vixie@vix.com>
Date:
21 Sep 2003 19:42:13 +0000
In-Reply-To:
<20030921104809.GA20537@outpost.ds9a.nl>
Sender:
owner-dnsop@cafax.se
User-Agent:
Gnus/5.09 (Gnus v5.9.0) Emacs/21.3
Subject:
Re: caching no-delegation 'nxdomains'?
ahu@ds9a.nl (bert hubert) writes: > PowerDNS has now also implemented the ISC 'no-delegation' semantics > which, I must say, are pretty nifty. Thanks, ISC. we've already had to patch our patch, and there's another patch coming. this whole area turns out to be more subtle than anybody realized. > This is the brunt of the patch: > ... > Not sure if this exactly equals ISC semantics but it appears to work here. we're working on an isc technote to document the specifics, in case other vendors are interested in our experiences. naturally, i do not think that namedroppers will want to adopt this work since it's not really protocol related. > However, I'm wondering now, would it be opportune to negatively cache > this result? > > I haven't yet formed an opinion yet, interested in yours. we transform to nxdomain on input, so if goes into the normal rules about negative caching. so far, no ill effects have been felt from this, but i think our negative caching ttl is 5 minutes whereas the controversial wildcards come out with a 15 minute ttl, so there's no harm to do other than if one turns off the feature and doesn't do a full server restart (since the cache, including the negative cache, will still have the old synthetic negative elements.) -- Paul Vixie #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.