DNSKEY NODATA responses not cached
Kalman Feher
kalman.feher at melbourneit.com.au
Tue Jan 11 17:46:39 UTC 2011
I'm curious whether the domain in question had a DS in the parent zone?
On 11/01/11 4:52 PM, "Chris Thompson" <cet1 at cam.ac.uk> wrote:
> On Jan 11 2011, Alexander Gall wrote:
>
>> It appears that NODATA responses for qtype=DNSKEY are not cached if
>> DNSSEC validation is enabled (tested with 9.7.2-P3). What is the
>> rationale behind this?
>
> I confirm the effect (same release). Or rather, the NODATA does get cached,
> as shown by a "!DNSKEY" count in the statistics display, but a new request
> goes back to the authoritative servers again anyway, as shown by the outgoing
> queries count and by the SOA in the authority section of the NODATA response
> having its original value.
--
Kal Feher
More information about the bind-users
mailing list