Why two lookups for a CNAME?

Matus UHLAR - fantomas uhlar at fantomas.sk
Fri Oct 23 08:21:38 UTC 2015


>On 22.10.2015 at 14:01, Matus UHLAR - fantomas wrote:
>>I wonder if it's not enough to verify that the first response was received
>>from proper server.
>>
>>Since play.l.google.com is a subdomain of play.google.com, the lookup would
>>go through google.com nameservers again...
>>
>>when servers for bar.example are the same as servers for foo.example, the
>>already accepted answer for foo.example is expected to contain valid answer
>>for bar.example too...

On 22.10.15 14:07, Reindl Harald wrote:
>well, it's better to keep things simple and whenever possible working
>the same way instead of premature optimization and different behavior to
>keep them clear and maintainable

I don't see what's premature about keeping invalidated responses pending in
cache for further validation ...
I believe this is very common at many DNS hosting providers that will
return not just the answer but also the glue records, so there's in fact no
need to check for them once you make sure the NS is correct, so we can spare
us some RTTs.

(of course DNSSEC validation will still be done, but also optimized).

>at the end it does not matter
>
>most DNS results are coming from caches and if they are not in the 
>cache they are not frequent enough that it would matter

it doesn't matter so much that nobody even asked for it on the BIND mailing
list because of noticing it...

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I wish NOT to receive any advertising mail at this address.
I intend to live forever - so far so good. 


More information about the bind-users mailing list