I understand that it's still a cache in the DNS hierarchy, but in
operation, it's much more like a secondary master. Like a secondary,
it bulk fetches the zone, answers all queries about that zone from its
own copy, and uses the SOA times to decide when to fetch again.

There are some potentially surprising protocol implications for clients
when recursive servers answer authoritatively for particular queries.
Specifically, AA and AD bit processing is different.

I don't get it. The recursive server is still using data that it got from
an authoritative server. Why wouldn't it set the bits the same way it
would as if it had fetched the records one name at a time?

The only thing I can see that's a little funky is that it makes its own
NXDOMAIN responses, but I'd think those would be AD if they're created
from signed RRSETs.

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
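
The secondary-style behaviour mentioned in the message ("uses the SOA times to decide when to fetch again") can be sketched as follows. This is an added example, not part of the original message or of any resolver's code; the names `SoaTimers`, `next_action` and `serial_newer` are hypothetical, and it assumes the standard SOA refresh/retry/expire semantics and RFC 1982 serial comparison.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SoaTimers:
    refresh: int  # seconds between freshness checks
    retry: int    # seconds between attempts after a failed check
    expire: int   # seconds after which an unrefreshed copy must not be served


def next_action(t: SoaTimers, now: int, last_ok: int, last_attempt: int) -> str:
    """Decide what a server holding a bulk-fetched zone copy should do.

    last_ok      -- time of the last successful refresh (SOA check or transfer)
    last_attempt -- time of the most recent attempt, successful or not
    Returns "serve" (answer from the copy), "check" (query the SOA serial and
    transfer if newer) or "expired" (stop answering from the copy).
    """
    age = now - last_ok
    if age >= t.expire:
        return "expired"          # copy is too old to trust at all
    if age < t.refresh:
        return "serve"            # copy is still considered fresh
    if last_attempt <= last_ok:
        return "check"            # refresh is due and not yet attempted
    if now - last_attempt >= t.retry:
        return "check"            # earlier attempt failed, retry interval passed
    return "serve"                # stale but unexpired, waiting for next retry


def serial_newer(remote: int, local: int) -> bool:
    """RFC 1982 comparison of 32-bit SOA serials (handles wrap-around)."""
    return remote != local and ((remote - local) & 0xFFFFFFFF) < 0x80000000


if __name__ == "__main__":
    # Constructed timer values for illustration only.
    timers = SoaTimers(refresh=1800, retry=900, expire=604800)
    print(next_action(timers, now=2700, last_ok=0, last_attempt=1800))  # check
    print(serial_newer(1, 0xFFFFFFFF))  # True: serial wrapped around
```

The "expired" state is the one that matters for integrity: once the expire interval passes without a successful refresh, answers must no longer come from the local copy.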