Ray Bellis <[email protected]> wrote: > On 30/10/2017 17:40, Evan Hunt wrote: > > > IIRC we discussed it, and were concerned that _ta. could be cached as > > nonexistent by servers implementing QNAME minimization. > > How would that happen, at least so long as _ta responds like any other > empty non-terminal?
It's NXDOMAIN. (It'll also fall foul of RFCs 8020 and 8198.) The problem occurs if you have a validator behind a cache. The cache will prevent downstream id._ta. queries from reaching the root, so any downstream trust anchor variation will be lost. Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ - I xn--zr8h punycode Viking, North Utsire: Southwesterly 5 or 6, veering westerly 5 to 7 later. Moderate or rough, occasionally slight in North Utsire. Rain or showers, fog patches in Viking. Moderate or poor, occasionally very poor in Viking. _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
