
Re: [Asrg] Implementing IPv6 DNSBLs

2010-12-09 23:00:28

I think that if you're proposing any changes at all to the existing
DNS protocol, it'd be easier to invent something new that handles
the situation directly.

Also remember that the DNSSEC protocol, if not current DNSSEC
implementations, already does nearly all of what we want.  In
particular, if a response is synthesized from a wildcard, the response
includes what the wildcard was, and what range of queries that
wildcard covers, so the cache can answer subsequent queries in that
range without asking the master again.  And on an NXDOMAIN, it
includes* an analogous record that says what the empty range around
the nonexistent name is, again allowing the cache to generate its
own NXDOMAIN for other queries in that range.

If we can't fit stuff into the existing non-DNSSEC DNS, the next
question is to compare the benefits of inventing and implementing a
special-purpose hack, rather than adjusting our servers and clients to
take advantage of existing DNSSEC facilities.

R's,
John


* - unless the server uses the optional NSEC3 stuff to prevent walking
the zone, which would be counterproductive in a DNSBL
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
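The cache behaviour John describes, worked through on a constructed DNSBL zone as an added example (this is not code from the message or from any DNSBL or resolver software): a resolver that has cached signed NSEC records and a signed wildcard answer can answer listed, unlisted and wildcard-covered queries itself, and only falls back to the authoritative server when no cached NSEC covers the name. The zone name bl.example, the NSEC chain, the return codes and the assumption that the zone has no delegations are all constructed for the example.

```python
from typing import Dict, List, Optional, Tuple

def canonical_key(name: str) -> Tuple[bytes, ...]:
    """RFC 4034 s6.1 canonical order: labels compared right to left, lowercased."""
    labels = [l.encode().lower() for l in name.rstrip(".").split(".") if l]
    return tuple(reversed(labels))

def nsec_covers(owner: str, nxt: str, qname: str) -> bool:
    """True if the NSEC owner->nxt proves qname does not exist (no delegations assumed)."""
    o, n, q = canonical_key(owner), canonical_key(nxt), canonical_key(qname)
    if q == o:
        return False            # the name exists; this NSEC only lists its types
    if o < n:
        return o < q < n
    return q > o                # last NSEC wraps to the apex: covers everything after owner

def closest_encloser(owner: str, nxt: str, qname: str) -> str:
    """Longest existing ancestor of qname, derived from the covering NSEC's endpoints."""
    q, best = canonical_key(qname), ()
    for other in (canonical_key(owner), canonical_key(nxt)):
        i = 0
        while i < min(len(q), len(other)) and q[i] == other[i]:
            i += 1
        best = max(best, other[:i], key=len)
    return ".".join(l.decode() for l in reversed(best))

def synthesize(nsecs: List[Tuple[str, str]], answers: Dict[str, str], qname: str) -> Optional[str]:
    """Answer purely from cache, or None when the resolver must query the DNSBL's server."""
    if qname in answers:
        return answers[qname]
    for owner, nxt in nsecs:
        if not nsec_covers(owner, nxt, qname):
            continue
        wildcard = "*." + closest_encloser(owner, nxt, qname)
        if wildcard in answers:                     # a signed wildcard answer was cached
            return answers[wildcard]
        if any(nsec_covers(o, n, wildcard) for o, n in nsecs):
            return "NXDOMAIN"                        # name and its wildcard both proven absent
    return None
# Constructed DNSBL zone bl.example: 1.2.3.4 listed, 192.0.2.0/24 listed via a wildcard.
CACHE_NSEC = [("bl.example", "4.3.2.1.bl.example"),
              ("4.3.2.1.bl.example", "*.2.0.192.bl.example"),
              ("*.2.0.192.bl.example", "bl.example")]
CACHE_ANSWERS = {"4.3.2.1.bl.example": "127.0.0.2",
                 "*.2.0.192.bl.example": "127.0.0.3"}   # RRSIG label count revealed the wildcard
if __name__ == "__main__":
    for ip in ("1.2.3.4", "1.2.3.5", "192.0.2.77", "8.8.8.8"):
        q = ".".join(reversed(ip.split("."))) + ".bl.example"
        print(ip, "->", synthesize(CACHE_NSEC, CACHE_ANSWERS, q))
```

With the full cache every query above is answered locally; with only the first two NSEC records cached, 8.8.8.8 is uncovered and the resolver must ask the authority, which is exactly the traffic the cached ranges save.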
