mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-25 19:04:57 -05:00
34 lines
964 B
Text
34 lines
964 B
Text
|
|
Negative Caching
|
|
|
|
|
|
The non-DNSSEC case is pretty easy.
|
|
|
|
foundname = soa name
|
|
rdataset = soa
|
|
node = NULL
|
|
|
|
DNSSEC complicates things a lot, because we have to return one or more NXT
|
|
records (if we have them) as proof. Another tricky bit here is that we may
|
|
have an NXT record so we know the answer is NODATA, but we don't have the SOA
|
|
so we can't make a NODATA response that a non-DNSSEC-aware server could
|
|
cache. Life would sure be easier if we knew if the client understood DNSSEC.
|
|
Not sure what to do in this case. Probably return delegation to force client
|
|
to ask authority.
|
|
|
|
|
|
Perhaps we should just create some kind of meta-rdata, the "negative cache
|
|
rdata type"?
|
|
|
|
Or maybe something like:
|
|
|
|
dns_rdataset_ncachefirst()
|
|
dns_rdataset_ncachenext()
|
|
dns_rdataset_ncachecurrent()
|
|
|
|
dns_db_ncachenew(db, type) /* type can be any */
|
|
dns_db_ncachesoa(name, rdataset)
|
|
dns_db_ncachenxt(name, rdataset)
|
|
dns_db_ncacheadd(db, name, version)
|
|
|
|
Ick. I favor the former.
|