This is worse than I feared...total vocabulary breakdown...
..."cachable wildcards"..."Synthetic wildcards"...
Before anyone can talk intelligently about DNS wild cards, you must
read and understand RFC 1034, sections 4.3.2 and 4.3.3.
"Wildcard RRs can be thought of as instructions for synthesizing
RRs." That's in 4.3.3. MARID folks ought to read at least 4.3.3 -
it's short and very SMTP related (MX example).
Synthesis of records, according to instructions in RFC 1034, can only
be done at an authority server (not in a cache). That's from the
suggested algorithm in 4.3.2.
As a mental exercise, I like to ignore that DNSSEC exists when coming
to grips with wild cards. Without DNSSEC, the client can not
distinguish a synthesized answer from a non-synthesized
(i.e., from the zone file) answer. If a cache held a wild card
record, it wouldn't know to use it - because it doesn't have the
necessary information (as enumerated in 4.3.2) to know when to apply
synthesis.
With DNSSEC, a resolver has some more information, but still not
quite enough. I.e., it's apparent if an answer was synthesized. But
that's not enough to determine what the rules of synthesis are. A
cache does not know zone cuts, nor other names that exist. (Without
delving much, I believe a cache is basically not supposed to do any
synthesis. A cache can touch on negative answers with DNSSEC, but
that's all - if that much.)
At 12:06 -0700 5/18/04, Ted Hardie wrote:
>At 11:45 AM -0700 05/18/2004, Hallam-Baker, Phillip wrote:
>>On the wildcards issue. We are only talking about restrictions on
>>cachable wildcards. Synthetic wildcards will still be possible.
>If we are going to rely on synthetic wildcards in places
>other than the left-most, a similar deployment question
>surely needs to be asked: how many of the deployed
>implementations can manage that?
>There is also a DNSSEC issue with synthetic wildcards,
>but it is secondary to the base question.
>Speaking personally,
>regards,
>Ted Hardie
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-703-227-9854
ARIN Research Engineer
Even the voices inside my head are refusing to talk to me anymore.
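
Added example, not part of the original message: a simplified Python sketch of the authoritative-side label walk from RFC 1034 section 4.3.2, next to a cache that applies a cached wildcard RR by suffix match alone. The zone, its names and all function names are constructed for illustration; CNAME handling, classes and multiple zones are left out.

```python
APEX = "example.com"  # constructed zone; names are not from the thread
ZONE = {
    "example.com":          {"MX": ["10 mail.example.com"]},
    "*.example.com":        {"MX": ["10 mail.example.com"]},
    "mail.example.com":     {"A": ["192.0.2.1"]},
    "host.lab.example.com": {"A": ["192.0.2.2"]},            # lab.example.com now exists
    "sub.example.com":      {"NS": ["ns.sub.example.com"]},  # zone cut
}

def existing_nodes(zone, apex):
    """Owner names plus their ancestors (empty non-terminals) up to the apex."""
    nodes = {apex}
    for owner in zone:
        while owner != apex:
            nodes.add(owner)
            owner = owner.split(".", 1)[1]
    return nodes

def authoritative_lookup(zone, apex, qname, qtype):
    """Label-by-label match from the apex; synthesized RRs are owned by QNAME."""
    qname = qname.lower().rstrip(".")
    if qname != apex and not qname.endswith("." + apex):
        return ("REFUSED", [])
    nodes = existing_nodes(zone, apex)
    extra = [] if qname == apex else qname[:-len(apex) - 1].split(".")
    node = apex
    for label in reversed(extra):
        child = label + "." + node
        if child not in nodes:
            # Match impossible: only here may "*" under the last matched node apply.
            star = "*." + node
            if star not in nodes:
                return ("NXDOMAIN", [])
            rrs = zone.get(star, {}).get(qtype, [])
            return ("SYNTHESIZED" if rrs else "NODATA", [(qname, qtype, r) for r in rrs])
        node = child
        if "NS" in zone.get(node, {}):  # left authoritative data: referral
            return ("REFERRAL", [(node, "NS", r) for r in zone[node]["NS"]])
    rrs = zone.get(node, {}).get(qtype, [])
    return ("ANSWER" if rrs else "NODATA", [(node, qtype, r) for r in rrs])

def naive_cache_synthesis(cached, qname, qtype):
    """A cache applying a cached wildcard by suffix match alone (what not to do)."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(1, len(labels)):
        rrs = cached.get("*." + ".".join(labels[i:]), {}).get(qtype)
        if rrs:
            return [(qname, qtype, r) for r in rrs]
    return []
```

For MX queries on x.lab.example.com, mail.example.com and a.sub.example.com the authority returns NXDOMAIN, NODATA and a referral, while the cache holding only *.example.com fabricates an MX answer for all three.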