In message <20140221155053.gb76...@isc.org>, Evan Hunt writes: > On Fri, Feb 21, 2014 at 03:47:25PM +0700, Mr.Jittinan Suwanrueangsri wrote: > > I have dumped cached records from BIND > > 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 by using "rndc dumpdb -cache". > > I don't understand the meaning of "; pending-answer" and "; > > pending-additional" in cache_dump.db.What do these mean? > > It means "pending validation". These records have not been subjected to > DNSSEC validation and are therefore considered less trustworthy than if > they had been. If a validated version of the same information comes along > in the future, then this existing cache data will be discarded in favor of > it.
pending-* is there for lazy validation. These records are learnt as a side effect of some other query. Rather than validating them immediately they are validated when requested using the data in the cache. The differences indicate the trust level the answers get if they then validate as insecure. If the cache does not contain all the information required to validate we currently recurse and validate that response. A future change would be to just fetch the missing data rather than a full recursion. If the validation fails we just recurse. > -- > Evan Hunt -- e...@isc.org > Internet Systems Consortium, Inc. > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
