On 22 Jun 2014, at 18:41, Joe Abley <[email protected]> wrote:

> 
> On 22 Jun 2014, at 11:54, John Levine <[email protected]> wrote:
> 
>>>> As I understand it, this changes DNS caches so that for the root zone
>>>> its behavior is somewhere between a cache and a secondary master.  
>>> 
>>> The cache remains precisely a cache.
>> 
>> I understand that it's still a cache in the DNS hierarchy, but in
>> operation, it's much more like a secondary master.  Like a secondary,
>> it bulk fetches the zone, answers all queries about that zone from its
>> own copy, and uses the SOA times to decide when to fetch again.
> 
> There are some potentially surprising protocol implications for clients when 
> recursive servers answer authoritatively for particular queries. 
> Specifically, AA and AD bit processing is different.

I don't think that anybody is suggesting this. I think it is more appropriate 
to think of the solution as the resolver having a tiny authoritative server 
inside serving the root. If it has a copy of the root zone transferred it 
answers, if not it doesn't and the recursion goes the normal way. That is 
similar to what people did when there was fear of an attack on the root 
servers, just inside the server and not with two servers.

So long
-Ralf

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
