To:
miekg@atoom.net (Miek Gieben)
Cc:
dnssec@cafax.se
From:
Bill Manning <bmanning@isi.edu>
Date:
Mon, 10 May 2004 16:12:46 -0700 (PDT)
In-Reply-To:
<20040510191139.GA2392@atoom.net> from "Miek Gieben" at May 10, 2004 09:11:39 PM
Sender:
owner-dnssec@cafax.se
Subject:
Re: dnssec: resolver - application communication
% > Not at all. you only need to "get more" if the validation % > fails. This was hammered home to me @ the SLC IETF. If % % how do you know validation fails if you only have SERVFAIL. If you % want to get more, you will always have get more on SERVFAIL. the point being that you can get valid data from any intermediate cache. Once the data validates you don't have to care where it came from. You don't have to go to the auth.servers at all. if there is a failure, then using the auth.servers -may- be the best way to check for accurate data. Not required. % > dig++ needs access to more data than you wish to mask w/ % > SERVFAIL, no? % % I see your point, but what I meant with that is that you can go and % look for yourself on the Net. Like going out and asking the % authoritative servers for more information, instead of your local % cache. But can my (generic) application? % % grtz, % --Miek % % -- % today's fortune: % Referring to a book: I read part of it all the way through. % -Samuel Goldwyn % -- --bill Opinions expressed may not even be mine by the time you read them, and certainly don't reflect those of any other entity (legal or otherwise).