Hi folks,

We found that there are negative responses without SOA records in the Internet. I noticed that RFC 2308 suggests not caching negative responses without SOA records, to avoid a loop.

So I'm wondering what the loop or circle is. Does it mean the resolver may cache the negative response forever by resetting the TTL? I think it is largely dependent on how the resolver implements it. Or are there other risks of looping I may have missed?

In section 5 of RFC 2308 it says:

> Negative responses without SOA records SHOULD NOT be cached as there is no way to prevent the negative responses looping forever between a pair of servers even with a short TTL.
>
> Despite the DNS forming a tree of servers, with various misconfigurations it is possible to form a loop in the query graph, e.g. two servers listing each other as forwarders, various lame server configurations. Without a TTL count down a cache negative response when received by the next server would have its TTL reset. This negative indication could then live forever circulating between the servers involved.

Best regards,
Davey
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
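As an added illustration (not part of Davey's message or of RFC 2308 itself), here is a small Python model of the section 5 scenario: two servers that list each other as forwarders bounce one negative answer back and forth. With an SOA present the cached TTL is derived from the SOA and counts down hop by hop, so the entry dies; without an SOA a non-compliant cache has nothing to count down and assigns a fresh TTL on every receipt. The `NegativeResponse` type, `FALLBACK_TTL`, and the one-hop-per-second timing are constructed assumptions for the simulation.

```python
from dataclasses import dataclass
from typing import Optional

# TTL a hypothetical non-compliant cache assigns to a negative answer that carries
# no SOA (an assumption for this simulation; RFC 2308 defines no such value).
FALLBACK_TTL = 60


@dataclass
class NegativeResponse:
    qname: str
    rcode: str                         # "NXDOMAIN" or "NOERROR" (NODATA)
    soa_ttl: Optional[int] = None      # TTL of the SOA RR in the authority section
    soa_minimum: Optional[int] = None  # SOA MINIMUM field; None when no SOA present


def negative_cache_ttl(resp: NegativeResponse) -> Optional[int]:
    """RFC 2308 rule: cache a negative answer only when it carries an SOA,
    for min(SOA TTL, SOA MINIMUM). None means 'do not cache'."""
    if resp.soa_ttl is None or resp.soa_minimum is None:
        return None
    return min(resp.soa_ttl, resp.soa_minimum)


def hops_until_expiry(resp: NegativeResponse, max_hops: int,
                      cache_without_soa: bool = False) -> int:
    """Simulate two mutual forwarders relaying one negative answer, one hop per
    second (constructed timing). Returns the hop at which the cached entry
    expires, 0 if it was never cached, or max_hops if it is still alive when
    the simulation stops (i.e. the loop described in RFC 2308 section 5)."""
    ttl = negative_cache_ttl(resp)
    if ttl is None:
        if not cache_without_soa:
            return 0                   # compliant behaviour: nothing to loop
        ttl = FALLBACK_TTL             # non-compliant cache invents a TTL
    remaining = ttl
    for hop in range(1, max_hops + 1):
        remaining -= 1                 # an SOA-derived TTL counts down per hop
        if remaining <= 0:
            return hop
        if negative_cache_ttl(resp) is None:
            remaining = FALLBACK_TTL   # no SOA: the next server resets the TTL
    return max_hops
```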
