This is a discussion on Re: protocol-06 section 4.5 - breaking the problem into chunks - DNS ; roy@dnss.ec writes: >> > Say resolver makes 'efficient' use of cached NSEC records, which one >> > should be returned for a query for F, for G, and for H. >> >> Wouldn't the resolver return F for the query ...
roy@dnss.ec writes:
>> > Say resolver makes 'efficient' use of cached NSEC records, which one
>> > should be returned for a query for F, for G, and for H.
>>
>> Wouldn't the resolver return F for the query for F,
>
> Why is F more valid than A NSEC H ?
Well, for one thing, SIG(F) will have a newer timestamp than SIG(A
NSEC H). Second, unless A NSEC H was obtained by a query for F, the
cache should not associate A NSEC H with F. I.e., if the cache has A
NSEC H due to a query for E, it should not carry over that response
into a query for F.
-derek
--
Derek Atkins 617-623-3745
derek@ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive:
