ncache revision 73f4d29ef46f9bbcb104b3dd54393c702848a0ab
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan HuntNegative Caching
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark AndrewsThe non-DNSSEC case is pretty easy.
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Hunt foundname = soa name
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Hunt rdataset = soa
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan HuntDNSSEC complicates things a lot, because we have to return one or more NXT
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntrecords (if we have them) as proof. Another tricky bit here is that we may
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Hunthave an NXT record so we know the answer is NODATA, but we don't have the SOA
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntso we can't make a NODATA response that a non-DNSSEC-aware server could
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntcache. Life would sure be easier if we knew if the client understood DNSSEC.
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan HuntNot sure what to do in this case. Probably return delegation to force client
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan Huntto ask authority.
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan HuntPerhaps we should just create some kind of meta-rdata, the "negative cache
0c2313eb367de3b58801d643d52c0fd9bc0e5df7Evan HuntOr maybe something like: