> From: 神明達哉 <[email protected]> > Ah, okay, now I see it. I think there's some logical gap here, which > I believe could be improved through some wording change: > > - the last paragraph of RFC 4035 Section 4.5 talks about aggressive > use of a cached deduced wildcard (as well as aggressive use of > NSEC) but rather recommends not to rely on it. > - just like the case for the aggressive use of NSEC discussed in this > draft, we could revisit this recommendation. as long as the > recursive server knows a name would not exist without the wildcard > match, it could answer a query for that name using the cached > deduced wildcard, and it may be justified for performance and other > benefits. (Note that, so far, this is orthogonal to "when > aggressive use (of NSEC) is enabled"). > - *Furthermore* when aggressive use of NSEC is enabled, the aggressive > use of cached deduced wildcard will be more effective as the > aggressive NSEC use helps prove more names wouldn't exist without > the wildcard through fewer external queries.
Thanks. I used these texts. -- Kazunori Fujiwara, JPRS <[email protected]> _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
