On Mon, Feb 25, 2008 at 4:07 AM, Robin Whittle <[EMAIL PROTECTED]> wrote:
> It has been a while since I read your TRRP material, but I thought,
> perhaps incorrectly, that when the ITR queries the authoritative
> nameserver about some IP address X, it gets a response not just for
> X, but for the entire micronet of which X is a part. (That micronet
> could just be for X, but for the purposes of this discussion, I am
> assuming it covers 2, 4 . . 256, 512 etc. addresses as a prefix.)

Hi Robin,

TRRP returns information about the single EID IP address that the ITR is dealing with. The optional Netmask (NM) and Zone Transfer (ZT) features allow the ITR to expand that knowledge to cover a whole CIDR block if it finds that it is dealing with more than one included IP address.

The reason TRRP doesn't immediately act on netmask information contained in the EID response is that the ITR can't authenticate the netmask without an additional query. This lesson was learned from a Bind "cache poisoning" problem in the late '90s where a hacker's DNS server would return "additional" records for which it was not authoritative and the caching resolver would accept those records uncritically.

Regards,
Bill Herrin

--
William D. Herrin  [EMAIL PROTECTED]  [EMAIL PROTECTED]
3005 Crane Dr.  Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

--
to unsubscribe send a message to [EMAIL PROTECTED] with the
word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/rrg/> & ftp://psg.com/pub/lists/rrg
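
The cache-poisoning lesson referred to in the message above, sketched as an added example that is not part of the original thread and is not TRRP code: a caching resolver that accepts every "additional" record, beside one that keeps only records inside the zone the responding server was asked about. The `Record` type, the zone names and the addresses are constructed for illustration.

```python
# Added illustration: bailiwick filtering of DNS "additional" records.
# The Record type and every name and address below are constructed samples.
from dataclasses import dataclass

@dataclass(frozen=True)
class Record:
    name: str   # owner name of the record
    rtype: str  # record type, e.g. "A"
    data: str   # record data

def labels(name):
    """Lower-cased labels, root-first, ignoring a trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l][::-1]

def in_bailiwick(name, zone):
    """True if name equals zone or is a subdomain of it, compared label-wise."""
    n, z = labels(name), labels(zone)
    return n[:len(z)] == z

def naive_cache(response):
    """Uncritical behaviour: cache everything the server sent."""
    return {(r.name.lower(), r.rtype): r.data
            for r in response["answer"] + response["additional"]}

def hardened_cache(response, queried_zone):
    """Cache only records inside the queried zone; also return what was dropped."""
    cache, dropped = {}, []
    for r in response["answer"] + response["additional"]:
        if in_bailiwick(r.name, queried_zone):
            cache[(r.name.lower(), r.rtype)] = r.data
        else:
            dropped.append(r)
    return cache, dropped

# Constructed response from a server that was queried for example.net only.
RESPONSE = {
    "answer": [Record("www.example.net.", "A", "192.0.2.10")],
    "additional": [
        Record("ns1.example.net.", "A", "192.0.2.53"),     # inside the zone
        Record("www.bank.example.", "A", "203.0.113.66"),  # unrelated zone
        Record("notexample.net.", "A", "203.0.113.67"),    # string suffix only
    ],
}

if __name__ == "__main__":
    print("naive   :", sorted(naive_cache(RESPONSE)))
    cache, dropped = hardened_cache(RESPONSE, "example.net")
    print("hardened:", sorted(cache))
    print("dropped :", [r.name for r in dropped])
```

The comparison is done on whole labels, so `notexample.net.` is rejected even though it ends with the string `example.net`.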
