>Yes, ANC breaks using the DNS for Internet reachability testing.
>
>Named has code to return zero TTLs on negative answers to SOA queries
>to avoid polluting caches with NXDOMAIN results when searching for
>zone cuts.  Nsupdate and similar tools need to be able to find the
>containing zone of names that are about to be added and cached
>NXDOMAIN responses are a right-royal-pain-in-the-butt if you want
>to look up the name just after you have added it to the DNS.

Did you ever consider making this work assuming more aggressive negative
caching?

It seems to me that deploying code under the assumption of only limited
caching of negative results is a good way to block all kinds of future
work, or alternatively, you may be in for a lot of pain if other people
decide that negative caching is more important.

For example, if you are about to add foo.example.com and you want to find
the zone cut, then looking up $DOES_NOT_EXIST.example.com will give you
the zone cut without revealing anything about 'foo'.

If you want to test something, create a zone that is designed to be tested,
for example, one with low TTLs everywhere.
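The probe trick from the reply above, as an added example that is not code from the thread or from any resolver: a toy resolver with an RFC 2308 style negative cache, a naive zone-cut lookup that queries the name itself, and the sibling-label probe that leaves the target name out of the negative cache. The zone data and the `nx-` probe prefix are constructed here, and the simulation ignores NSEC-based negative-answer synthesis.

```python
import secrets
from typing import Dict

# Constructed sample tree: zone apex -> SOA MINIMUM (negative-cache TTL, RFC 2308).
ZONES: Dict[str, int] = {"com.": 900, "example.com.": 3600}


def closest_zone(name: str) -> str:
    """Walk the labels upward and return the apex of the zone containing `name`."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels) + 1):
        cand = ".".join(labels[i:]) + "." if labels[i:] else "."
        if cand in ZONES:
            return cand
    return "."


class Resolver:
    """Toy recursive resolver: caches NXDOMAIN answers keyed by the queried name."""

    def __init__(self) -> None:
        self.negative_cache: Dict[str, int] = {}

    def query_soa(self, qname: str) -> dict:
        apex = closest_zone(qname)
        if qname != apex:  # only apexes hold data in this toy tree
            # Authoritative servers put the zone SOA in the AUTHORITY section of an
            # NXDOMAIN reply; the resolver remembers the negative answer for that TTL.
            self.negative_cache[qname] = ZONES[apex]
            return {"rcode": "NXDOMAIN", "authority_soa": apex}
        return {"rcode": "NOERROR", "answer_soa": apex}


def zone_cut_naive(name: str, resolver: Resolver) -> str:
    """Query SOA for the name itself; its NXDOMAIN now sits in the negative cache."""
    resp = resolver.query_soa(name)
    return resp["authority_soa"] if resp["rcode"] == "NXDOMAIN" else resp["answer_soa"]


def zone_cut_probe(name: str, resolver: Resolver) -> str:
    """Query SOA for a random sibling label; the target name is never sent or cached."""
    parent = name.split(".", 1)[1]  # "foo.example.com." -> "example.com."
    probe = f"nx-{secrets.token_hex(8)}.{parent}"  # constructed, practically never exists
    resp = resolver.query_soa(probe)
    return resp["authority_soa"] if resp["rcode"] == "NXDOMAIN" else resp["answer_soa"]
```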

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop