On Tue, Jul 7, 2015 at 5:20 AM, <[email protected]> wrote: > Akira Kato and I submitted draft-fujiwara-dnsop-nsec-aggressiveuse-01. > > > https://datatracker.ietf.org/doc/draft-fujiwara-dnsop-nsec-aggressiveuse/ > > > ...
> -- > Kazunori Fujiwara, JPRS <[email protected]> > > I am concerned that the "AN" flag allows for easy zone walking, defeating the purpose of minimal range NSEC records. So I don't think authoritative servers would want to respect it. I am also concerned that random subdomain queries will set the CD bit, if that avoids aggressive negative caching. So I would think that the CD bit should not be allowed to stop aggressive negative caching. -- Bob Harold
_______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
