To: dnssec@cafax.se
From: Slawomir Gruca <slawekgr@nask.pl>
Date: Thu, 15 May 2003 11:07:32 +0200 (MET DST)
Sender: owner-dnssec@cafax.se
Subject: NXT issues

Hi all,

There are a few things that bother me regarding the NXT record. Firstly, does anyone need to know what is in the 'next domain field' of the RDATA section of NXT for authentication of a non-existent name? Am I wrong in saying that it's not necessary? Just the name of the record should be enough for verification of the name. It is only a hypothetical situation, since it's obvious that the server just has to return the whole NXT (otherwise it couldn't be verified).

The next question I'm gonna ask you is related to cache servers. Suppose we have a domain

a.com NXT d.com
d.com NXT a.com

and someone asks for b.com, which simply doesn't exist. So when the client gets a negative reply, the record (a.com NXT d.com) has been cached. As of that moment anyone asking for b.com will get the answer from the cache (if the cache is used). But what would happen if a fellow asked if c.com exists? Is the cache server obliged to answer that there is no c.com on the basis of the cached NXT record which says there is a black hole between a and d? I assume that the record is not opt-in.

Kind regards,
Slawek

--------------------------------------------------------------------------
Slawomir Gruca <slawomir.gruca@nask.pl>, NASK
--------------------------------------------------------------------------
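
The cache scenario in the message above, as an added example that is not part of the original post: the canonical-order test a cache would have to run to decide whether a stored NXT record spans a queried name. The function names and the in-memory cache are hypothetical, and the sketch assumes the record's SIG was already validated and that every queried name lies in the same zone.

```python
# Added illustration: canonical-order coverage test for a cached NXT record.
# The record data is constructed from the example in the message.

def canonical_key(name):
    """Sort key for DNS canonical ordering: labels are compared right to
    left, case-insensitively, as byte strings (RFC 2535, section 8.3)."""
    labels = name.rstrip(".").lower().split(".")
    return [label.encode("ascii") for label in reversed(labels)]

def nxt_covers(owner, next_name, qname):
    """True if (owner NXT next_name) spans qname, i.e. qname sorts strictly
    between owner and next_name. Also handles the last NXT in the chain,
    whose next-domain field wraps around to the first name."""
    o, n, q = (canonical_key(x) for x in (owner, next_name, qname))
    if o < n:
        return o < q < n
    # Wrap-around record: owner sorts last, so the gap is everything
    # after owner plus everything before the first name.
    return q > o or q < n

def answer_from_cache(cache, qname):
    """Return the cached (owner, next) pair that spans qname, or None when
    the cache holds no proof and must query the authoritative server."""
    for owner, next_name in cache:
        if nxt_covers(owner, next_name, qname):
            return (owner, next_name)
    return None

# Constructed cache state after the b.com lookup described in the message.
CACHE = [("a.com", "d.com")]

if __name__ == "__main__":
    for q in ("b.com", "c.com", "e.com", "a.com"):
        print(q, "->", answer_from_cache(CACHE, q))
```

The check needs both the owner name and the next-domain field, and it only shows that the record spans the name, not whether a cache is required to answer from it.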