On Apr 1, 2015, at 11:24 AM, Evan Hunt <[email protected]> wrote: > >>> Should we also mention that NODATA responses usually include a SOA record >>> in the authority section to indicate to resolvers how long to do negative >>> caching for? >> >> That does not seem to be established firmly enough for us to add. > > It's necessary for negative caching, so I believe it's required > for authoritative responses (RFC 2308 section 3), but optional for > recursive.
Good point, I was only thinking of recursive answers, and I don't think I see SOAs there all the time. We can add that NODATA responses for authoritative responses include the SOA. > Might also add that DNSSEC-signed zones will include a signed NSEC/NSEC3 > to prove the nonexistence of the qtype. Adding the nonexistence stuff for all the types of responses will make this document harder to read... --Paul Hoffman _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
