> On Feb 25, 2016, at 3:12 PM, John R Levine <[email protected]> wrote:
>
>> In other words, today (as a BIND user) you might only have to wait 3 hours
>> when a new TLD is added, not the whole SOA minimum.
>
> Given that new TLDs publish a 127.53.53.53 wildcard for a month to try and
> show people where they have collisions, I'd think the root's one day TTL
> would be the least of your problems.

I don't disagree, but the document seemed to be saying that the TTL was one day either way.

>
>> For implementations that treat "positive" and "negative" cache entries
>> separately, perhaps the document should say whether a validated proof of
>> non-existence should be considered "positive" or "negative."
>
> How could it be other than negative? It signals an NXDOMAIN to the ultimate
> client?

An argument could be made that the NSEC records positively exist and would be cached for their full TTL.

Quoting the draft:

   3. Generating negatives responses from NSEC

   ...

   So, if a resolver generates negative answers from an NSEC record, it will not send any queries for names within that NSEC range (for the TTL). If a new name is added to the zone during this interval the resolver will not know this.

DW

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
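
The caching behaviour in the quoted draft text, as an added example that is not part of the original message or the draft: a toy cache that keeps answering from a validated NSEC range until the TTL runs out, even after a name has been added to the zone. The `NsecCache` class and the names `alpha.`, `bravo.` and `charlie.` are constructed for illustration, and wildcards and delegations are ignored.

```python
import time

def canonical_key(name):
    """RFC 4034 section 6.1 order: labels compared right to left, case-insensitively."""
    labels = [lab for lab in name.lower().split(".") if lab]
    return tuple(lab.encode("ascii") for lab in reversed(labels))

class NsecCache:
    """Toy store of validated NSEC records (hypothetical; not a real resolver API)."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.records = []  # (owner_key, next_key, expiry)

    def add(self, owner, next_name, ttl):
        self.records.append(
            (canonical_key(owner), canonical_key(next_name), self.clock() + ttl))

    def covers(self, qname):
        """True if an unexpired NSEC range proves qname absent (no upstream query sent)."""
        q, now = canonical_key(qname), self.clock()
        for owner, nxt, expiry in self.records:
            if now >= expiry:
                continue  # TTL ran out: the resolver must ask the zone again
            if owner < nxt and owner < q < nxt:
                return True
            if owner >= nxt and q > owner:  # last NSEC in the zone wraps to the apex
                return True
        return False

def demo():
    now = [0]  # fake clock, in seconds
    cache = NsecCache(clock=lambda: now[0])
    # Constructed NSEC from a root-like zone: nothing exists between alpha. and charlie.
    cache.add("alpha.", "charlie.", ttl=86400)  # one-day TTL, as discussed in the thread
    results = {"t0": cache.covers("bravo.")}
    now[0] = 3 * 3600  # suppose bravo. is added to the zone around now
    results["t3h"] = cache.covers("bravo.")   # still answered NXDOMAIN from cache
    now[0] = 86400
    results["t24h"] = cache.covers("bravo.")  # expired: next query goes upstream
    return results

if __name__ == "__main__":
    print(demo())
```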
