> From: ice jew <[email protected]> > There is one confusing point in page 12 "– whose RR TTL is smaller than > NCACHE TTL" > Does this really matter? Because the increased requests are to check the > DS RR's non-existence when NCAHCE for this DS RR exipres, so how is it > related to the RR's TTL?
Because DNSSEC validation process does not start if RR of popular names are in the cache. One example is "www.nanog.org A". It is not signed and its TTL is 14400. www.nanog.org. 14400 IN A 50.31.151.68 I made "www.nanog.org A" periodic queries to my validators, the sending interval of "nanog.org DS" queries is not NCACHE TTL 900. -- Kazunori Fujiwara, JPRS <[email protected]> _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
