On Thu, Nov 12, 2015 at 06:13:04PM +0000,
Wessels, Duane <[email protected]> wrote
a message of 57 lines which said:
> As Mark pointed out, we can't use the SOA to make NXDOMAIN more aggressive.
>
> For a name like foo.bar.example.com and an NXDOMAIN response from
> example.com we can't assume that there would be a zone cut between
> foo and bar.

Could anyone explain in detail why it is so? [I don't understand why
the zone cut is important here: using the SOA does not depend on
whether there is a zone cut or not.]

Let's say I query foo.bar.example to example's name servers. I get:

...
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64182
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 1
...
;; QUESTION SECTION:
;foo.bar.example. IN SOA
...
example. 5400 IN SOA nsmaster.nic.example. hostmaster.nic.example. (
                2222956935 ; serial
                3600       ; refresh (1 hour)
....

It can mean only one thing, that bar.example does not exist. How could
it be different?

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
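
An added illustration, not part of the original message or of any DNS software: a toy authoritative lookup showing that an NXDOMAIN response carrying the apex SOA looks the same whether or not the intermediate name exists. The zone contents and all function names are constructed assumptions.

```python
# Toy authoritative lookup for the zone "example." (zone contents are constructed).
ZONE_APEX = "example."
ZONE = {
    "example.": {"SOA", "NS"},
    "bar.example.": {"A"},       # bar.example exists and owns data
    "baz.qux.example.": {"A"},   # makes qux.example an empty non-terminal
}


def node_exists(name):
    """A name exists if it owns records or has a descendant that does."""
    return any(o == name or o.endswith("." + name) for o in ZONE)


def answer(qname, qtype):
    """Return (rcode, owner of the SOA in the authority section, or None)."""
    if qtype in ZONE.get(qname, ()):
        return ("NOERROR", None)
    if node_exists(qname):
        return ("NOERROR", ZONE_APEX)   # NODATA: name exists, type does not
    return ("NXDOMAIN", ZONE_APEX)      # negative answers carry the apex SOA


def names_between(qname, soa_owner):
    """Names at or above qname and strictly below the SOA owner."""
    q = qname.rstrip(".").split(".")
    depth = len(soa_owner.rstrip(".").split("."))
    return [".".join(q[i:]) + "." for i in range(len(q) - depth)]


def wrongly_denied(qname):
    """Existing names that 'nothing exists below the SOA owner' would deny."""
    rcode, soa_owner = answer(qname, "SOA")
    if rcode != "NXDOMAIN":
        return []
    return [n for n in names_between(qname, soa_owner) if node_exists(n)]


if __name__ == "__main__":
    for q in ("foo.bar.example.", "foo.qux.example.", "foo.nothere.example."):
        print(q, answer(q, "SOA"), "wrongly denied:", wrongly_denied(q))
```
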