I'm saying answer should be stored in cache for later use, only if the same answer is obtained multiple times with independent IDs.
Ah - so you just ask a question multiple times with different id and source port, making it exponentially harder to spoof an answer.
No, though it is a protection on end systems. To prevent cache contamination, it is enough that a caching server caches information only if there is more than one query.
Sure, that would work
Thanks. Anyone else with other opinion?
but it doubles the load on authoritative nameservers.
Not necessarily. That is, as for caching servers, some questions are asked only once, so that no duplicated query is generated.
Anyway, does anyone mind?
Note that the traffic should be a lot less than that for secure DNS.
That is, with
    hpcl.titech.ac.jp. NS foo.bar
    foo.bar. A 131.112.32.132
Say a question originally arrived for www.hpcl.titech.ac.jp, and pdns_recursor already had "titech.ac.jp NS your-nameserver", pdns_recursor only accepts answers within or above titech.ac.jp. Foo.bar is immediately rejected, as it does not end on titech.ac.jp.
Are you saying nameservers "[a-m].gtld-servers.net." for "com." are rejected?
I think DJB does something smarter and accepts the glue *only* for this question.
That's unnecessarily inefficient.
Masataka Ohta
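
The caching rule proposed in this message (store an answer only once the same answer has been obtained more than once with independent IDs), sketched as an added example that is not part of the original thread and not code from any resolver named in it. The class and method names, the threshold of 2, and the sample IDs and addresses are assumptions constructed for illustration.

```python
class ConfirmingCache:
    """Cache an RRset only after `threshold` queries with distinct
    transaction IDs returned the identical answer (hypothetical helper)."""

    def __init__(self, threshold=2):
        self.threshold = threshold
        self.cache = {}    # (qname, qtype) -> frozenset of rdata
        self.pending = {}  # (qname, qtype) -> {answer: set of txids}

    @staticmethod
    def _key(qname, qtype):
        # DNS names compare case-insensitively; ignore the trailing dot.
        return (qname.lower().rstrip("."), qtype.upper())

    def observe(self, qname, qtype, txid, rdata):
        """Record one validated response. Returns True once it is cached."""
        key = self._key(qname, qtype)
        if key in self.cache:
            return True
        answer = frozenset(rdata)
        txids = self.pending.setdefault(key, {}).setdefault(answer, set())
        txids.add(txid)  # a repeated ID is not an independent confirmation
        if len(txids) >= self.threshold:
            self.cache[key] = answer
            del self.pending[key]  # drop unconfirmed competing answers
            return True
        return False

    def lookup(self, qname, qtype):
        return self.cache.get(self._key(qname, qtype))


def demo():
    # Constructed sample data: one name from the thread, documentation-range
    # addresses, arbitrary 16-bit IDs.
    c = ConfirmingCache(threshold=2)
    name = "www.hpcl.titech.ac.jp."
    steps = [
        c.observe(name, "A", 0x1A2B, ["192.0.2.10"]),    # first answer: not cached
        c.observe(name, "A", 0x1A2B, ["192.0.2.10"]),    # same ID again: still not cached
        c.observe(name, "A", 0x9999, ["203.0.113.66"]),  # differing answer: held as pending
        c.observe(name, "A", 0x77C0, ["192.0.2.10"]),    # second independent ID: cached
    ]
    return steps, c.lookup(name, "A")


if __name__ == "__main__":
    print(demo())
```

An unconfirmed answer can still be handed to the client that asked; this sketch only decides what is kept for later use.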
