To:
Edward Lewis <edlewis@arin.net>
cc:
dnssec@cafax.se
From:
Slawomir Gruca <slawekgr@nask.pl>
Date:
Thu, 15 May 2003 18:31:12 +0200 (MET DST)
In-Reply-To:
<a05111b03bae934799bea@[193.0.8.217]>
Sender:
owner-dnssec@cafax.se
Subject:
Re: NXT issues
> At 11:07 +0200 5/15/03, Slawomir Gruca wrote: > >Hi all, > >There are a few things that bother me regarding the NTX record. Firstly, [...] > It is very necessary. A document is in preparation by myself and Bob > Halley to state why in excruciating detail. ;) > For now see: > http://www.ietf.org/internet-drafts/draft-lewis-dns-wildcard-clarify-00.txt > ...which is my initial individual document > and > http://ops.ietf.org/lists/namedroppers/namedroppers.2003/msg01038.html > ...which is Bob's addition Well, I have already stared to pore over them :-) > >The next question I'm gonna ask you is related to cache servers. Suppose [...] > You should consult RFC 2308 (NCACHE). Negative answers are cached > according to the query and not the answer. That means that a cached > negative answer for b.com isn't consulted for c.com, even though the > proof looks like it covers the new query. The reason for this > involved wild card synthesized negative proofs. Thank you! This issue is now crystal clear. > You're example is missing a piece though. You won't see the above, > but you might see a.com NXT d.com, d.com NXT com, com NXT a.com, as > you need the zone apex in the NXT chain. Well, the example was meant to be extremely compact... so it's missing com NXT :-) > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Edward Lewis +1-703-227-9854 > ARIN Research Engineer -------------------------------------------------------------------------- Slawomir Gruca <slawomir.gruca@nask.pl>, NASK --------------------------------------------------------------------------