On Thu, Apr 24, 2025 at 04:05:22AM +0200, Peter Thomassen <[email protected]> wrote a message of 40 lines which said:
> - I assume the transmission will contain the TTL as decremented in
>   the sending peer's cache.

The idea is to send the data immediately (less than one second) after
receiving it.

> - A resolver might learn that a record is gone before the TTL
>   expires, e.g., when it does prefetch and receives a negative
>   response. For insecure zones, (how) do you imagine this to be
>   shared? (Perhaps with TTL=0 and empty rdata?)

Interesting improvement but I have currently no idea.

> - Like Paul, I was also thinking of a long-lived IXFR-style
>   stream. RRset deletions also need to be signaled, but SOA records
>   used in IXFR are not available. (TTL=0 and empty rdata might work
>   as well.) Perhaps finally a use for another CLASS!

And I thought that my idea of a C-DNS feed over TLS was too
complicated :-)

> - As for multicast over an encrypted channel, I'm not sure how that
>   would work given that usually a Diffie-Hellman exchange or similar
>   would be included (which is p2p-specific).

We were not thinking of using an encrypted channel for multicast. TSIG
enforces authentication and integrity, confidentiality is a nice plus
but not necessary for this protocol (except maybe the issue of the
question section).

_______________________________________________
DNSOP mailing list -- [email protected]
To unsubscribe send an email to [email protected]
