On Tue, Apr 6, 2021 at 11:11 AM Murray S. Kucherawy <superu...@gmail.com>
wrote:

> I'm wondering something about tree walks, which John Levine asked about in
> November, as it's a topic of interest to the evolution of DMARC.
>
> I've read RFC 8020 which says an NXDOMAIN cached for "foo.example" also
> covers later queries for "bar.foo.example".  Makes sense.
>
> Can this be used (or maybe amended) to cover the queries if they come in
> the reverse order?  For instance, if "bar.foo.example" arrives first, but
> the authoritative server can determine that the entire "foo.example" tree
> doesn't exist, could it reply with an NXDOMAIN for the question plus a
> cacheable indication about the entire tree instead of just the name that
> was in the question?
>

I think this is another point in favor of doing QNAME minimization: RFC 7816
(technically experimental, but recommended).

It kind of makes the query order moot; the resolver looks up the shorter
name first even while resolving the longer name.

Should be handled by the resolver, so maybe tangential to DMARC (other than
maybe being an included reference and recommendation within any DMARC
draft/RFC).

Brian


>
> This would make an ascending tree walk even for something crazy like
> "a.b.c.d.....y.z.foo.example" extremely cheap as the cached NXDOMAIN for
> "foo.example" covers the entire subtree, for a caching nameserver
> implementing RFC 8020.
>
> Maybe this is discussed somewhere that I missed in the references.  I'm
> happy to take a "go read this for the answer" if that's the case.
>
> Thanks,
>
> -MSK
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
>
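
Added example, not part of the original thread: a toy caching resolver that models the RFC 8020 NXDOMAIN cut and RFC 7816 QNAME minimization, counting upstream queries for an ascending tree walk below a nonexistent "foo.example". The namespace, the class and function names, and the walk shape (a `_dmarc.` prefix on each ancestor) are assumptions made for illustration; real resolvers also deal with TTLs, record types and zone cuts.

```python
# Simplified model: no real DNS traffic, TTLs or record types.
# EXISTING is a constructed namespace; "foo.example" does not exist in it.
EXISTING = {"example", "_dmarc.example", "mail.example"}

def authoritative_exists(name):
    """True if the name, or any name beneath it, exists (empty non-terminals count)."""
    return any(n == name or n.endswith("." + name) for n in EXISTING)

class CachingResolver:
    def __init__(self, minimize):
        self.minimize = minimize   # RFC 7816 QNAME minimization on/off
        self.nx_cache = set()      # names cached as NXDOMAIN
        self.known = set()         # names cached as existing
        self.upstream = 0          # queries sent to authoritative servers

    def _ask(self, name):
        if name in self.known:
            return True
        self.upstream += 1
        exists = authoritative_exists(name)
        (self.known if exists else self.nx_cache).add(name)
        return exists

    def lookup(self, qname):
        labels = qname.split(".")
        # qname first, TLD last
        suffixes = [".".join(labels[i:]) for i in range(len(labels))]
        # RFC 8020: a cached NXDOMAIN for the name or any ancestor covers qname.
        if any(s in self.nx_cache for s in suffixes):
            return "NXDOMAIN"
        # With minimization the shorter names are asked first, top down.
        to_ask = reversed(suffixes) if self.minimize else [qname]
        for name in to_ask:
            if not self._ask(name):
                return "NXDOMAIN"
        return "NOERROR"

def tree_walk(resolver, domain):
    """Ascending walk: _dmarc.<domain>, then _dmarc.<each parent>."""
    labels = domain.split(".")
    return [resolver.lookup("_dmarc." + ".".join(labels[i:]))
            for i in range(len(labels))]
```

In this model the walk for "a.b.c.foo.example" costs five upstream queries without minimization and three with it, and the minimized count stays at three however many labels sit below "foo.example".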