On Sun, Apr 01, 2018 at 01:33:17PM -0400, Warren Kumari wrote:
> I'm also somewhat confused what the caching the wildcard answer
> *means* - if I have *.example.com cached and then get a query for
> foo.example.com I still need to query for it (note that this is all
> before DNSSEC / Aggressive NSEC / etc) and so what is the "use" of the
> cached wildcard? AFAICT, searching for the wildcard itself is only
> useful for debugging, so caching it seems wasteful at best.

It could also be wasteful not to. First, the resolver has to examine
every name to see whether it's a wildcard before deciding whether to
cache it, which has a small but non-zero cost. Second and more
significantly, every time an explicit query for a wildcard name arrives,
an iterative query must be sent to resolve it.

I strongly suspect the reason the text was there was to prevent
implementations from naively using a cached wildcard record *as* a
wildcard -- i.e., synthesizing answers when there was a cache miss,
instead of sending a query to the authority. As long as an
implementation doesn't do that, I see no reason to worry about it.

> Can folk help me understand what should happen with this errata?

Errata, as I understand it, are meant to fix drafting errors, not
correctly-expressed but wrong ideas. I agree with Mukund that the
requirement shouldn't be there, but I'm not sure which class of error
it is - bad writing or wrong thinking. If it was wrong thinking, then it
calls for correction in a bis document rather than an erratum. Errata
can be published an awful lot faster, though.

--
Evan Hunt -- [email protected]
Internet Systems Consortium, Inc.

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
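
The distinction discussed in the message above, as an added example that is not part of the original thread: a toy resolver cache that stores `*.example.com.` as an ordinary exact-match name, next to the naive variant that synthesizes answers from the cached wildcard on a cache miss. The zone contents, addresses, class and function names are all constructed for illustration, and the authority's wildcard matching is simplified (no empty non-terminals, no DNSSEC).

```python
# Constructed zone held by the authority (illustrative data only).
ZONE = {
    "*.example.com.": "192.0.2.1",     # wildcard record
    "www.example.com.": "192.0.2.80",  # explicit name: the wildcard must not cover it
}

def authority_answer(qname):
    """Simplified authoritative lookup: exact match, else nearest ancestor wildcard."""
    if qname in ZONE:
        return ZONE[qname]
    rest = qname
    while "." in rest.rstrip("."):
        rest = rest.split(".", 1)[1]
        if "*." + rest in ZONE:
            return ZONE["*." + rest]
    return None

class Resolver:
    def __init__(self, synthesize_from_cached_wildcard=False):
        self.cache = {}
        self.upstream_queries = 0
        self.synthesize = synthesize_from_cached_wildcard

    def resolve(self, qname):
        if qname in self.cache:              # exact match: "*" is just a label here
            return self.cache[qname]
        if self.synthesize:                  # the naive behaviour
            wildcard = "*." + qname.split(".", 1)[1]
            if wildcard in self.cache:
                return self.cache[wildcard]  # guesses that qname does not exist
        self.upstream_queries += 1           # cache miss: ask the authority
        answer = authority_answer(qname)
        if answer is not None:
            self.cache[qname] = answer       # cached under the queried name
        return answer

def demo(synthesize):
    r = Resolver(synthesize)
    r.resolve("*.example.com.")              # explicit wildcard query, gets cached
    r.resolve("*.example.com.")              # repeat is served from cache
    www = r.resolve("www.example.com.")
    return www, r.upstream_queries

if __name__ == "__main__":
    print("exact-match cache:", demo(False))
    print("naive synthesis:  ", demo(True))
```

With exact-match caching the repeated wildcard query costs no second upstream query and `www.example.com.` still gets its own record; the synthesizing variant saves a query but returns the wildcard's address for a name that exists explicitly in the zone.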
