roy@dnss.ec writes:

>> > Say resolver makes 'efficient' use of cached NSEC records, which one
>> > should be returned for a query for F, for G, and for H.
>>
>> Wouldn't the resolver return F for the query for F,
>
> Why is F more valid than A NSEC H ?


Well, for one thing, SIG(F) will have a newer timestamp than SIG(A
NSEC H). Second, unless A NSEC H was obtained by a query for F, the
cache should not associate A NSEC H with F. I.e., if the cache has A
NSEC H due to a query for E, it should not carry over that response
into a query for F.

-derek

--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
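
The two cache behaviours contrasted in this message, as an added example that is not part of the original post: a cache that reuses an NSEC only for the query name that fetched it, beside one that reuses any covering NSEC. The class names, the single-letter zone and the assumption that F is signed into the zone after the query for E are constructed for illustration.

```python
# Added illustration: single-letter owner names stand in for DNS names, and plain
# string comparison stands in for DNSSEC canonical ordering (a simplification).

class PerQueryCache:
    """Rule from the message: an NSEC is reused only for the query that fetched it."""
    def __init__(self):
        self._by_qname = {}

    def store(self, qname, nsec):
        self._by_qname[qname] = nsec

    def lookup(self, qname):
        return self._by_qname.get(qname)      # None means: ask the authority


class RangeCache:
    """'Efficient' use: any cached NSEC whose span covers qname answers it."""
    def __init__(self):
        self._nsecs = []

    def store(self, qname, nsec):
        self._nsecs.append(nsec)              # qname is ignored on purpose

    def lookup(self, qname):
        for owner, nxt in self._nsecs:
            if owner < qname < nxt:           # qname falls in the gap owner..next
                return (owner, nxt)
        return None


def replay(cache):
    """Constructed scenario: E is queried while the zone holds A NSEC H.
    Assumption: F is then added and signed, so the zone now has A NSEC F, F NSEC H."""
    cache.store("E", ("A", "H"))              # response to the query for E
    return {q: cache.lookup(q) for q in ("E", "F", "G")}


if __name__ == "__main__":
    print("per-query:", replay(PerQueryCache()))
    print("range    :", replay(RangeCache()))
```

The range cache denies F from the older A NSEC H, while the per-query cache misses on F and G and has to go back to the authority, where the newer signature over F would be seen.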
