DNSKEY NODATA responses not cached

Kalman Feher kalman.feher at melbourneit.com.au
Tue Jan 11 17:46:39 UTC 2011

I'm curious whether the domain in question had a DS in the parent zone?

On 11/01/11 4:52 PM, "Chris Thompson" <cet1 at cam.ac.uk> wrote:

> On Jan 11 2011, Alexander Gall wrote:
>> It appears that NODATA responses for qtype=DNSKEY are not cached if
>> DNSSEC validation is enabled (tested with 9.7.2-P3).  What is the
>> rationale behind this?
> I confirm the effect (same release). Or rather, the NODATA does get cached,
> as shown by a "!DNSKEY" count in the statistics display, but a new request
> goes back to the authoritative servers again anyway, as shown by the outgoing
> queries count and by the SOA in the authority section of the NODATA response
> having its original value.

Kal Feher 

More information about the bind-users mailing list