On Wed, Nov 11, 2015 at 01:15:37AM +0000, Wessels, Duane <[email protected]> wrote a message of 107 lines which said:
> This updates RFC 2308 (Negative Caching of DNS Queries). This would
> seem to be the key text from 2308 to update:

Yes, good catch, added to the online copy
<https://github.com/bortzmeyer/ietf-dnsop-nxdomain>

> I think it's a little dangerous to say that an NXDOMAIN response
> SHOULD cause a cache to delete already cached "positive" data.
> Perhaps MAY is a better choice there. Or SHOULD when DNSSEC
> validated, but MAY without.

Don't you think that the second paragraph of section 7 in -00 addresses
this concern? (My opinion is that this "attack" is nothing new and,
without DNSSEC, everything can be poisoned.)
