Updating Resolver Algorithm

Document Type: Expired Internet-Draft (dnsop WG)
Author: Kazunori Fujiwara
Last updated: 2017-05-04 (Latest revision 2016-10-31)
Stream: Internet Engineering Task Force (IETF)
Expired & archived
WG state: Candidate for WG Adoption
Document shepherd: (None)
IESG state: Expired
Consensus boilerplate: Unknown
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.

The parent-side NS RRSet and glue records are all the information needed to reach the servers for a child zone. However, they may be overwritten by child zone data (the zone apex NS RRSet and other A/AAAA RRSets). The overwrite makes name resolution unstable and induces vulnerabilities. RFC 2181 Section 5.4.1 specifies the trustworthiness of DNS data, and it is deemed that all cached data (authoritative data, non-authoritative data, referrals and glue records) are merged into one. Resolvers may therefore answer with non-authoritative data, referrals and glue records that should not be returned. This document proposes an updated resolver algorithm that separates the cache into an "authoritative data cache" and a "delegation cache". The former is used to answer stub resolvers, and the latter is used to iterate zones.
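
The cache separation described above, as an added Python example that is not taken from the draft: the class, its methods and the `source` tag are hypothetical, TTL handling is left out, and the sample records are constructed from documentation names and addresses.

```python
from dataclasses import dataclass, field

def _norm(name):
    return name.lower().rstrip(".")

@dataclass
class SplitCache:
    auth: dict = field(default_factory=dict)        # answers for stub resolvers
    delegation: dict = field(default_factory=dict)  # parent-side NS and glue

    def store(self, name, rrtype, rdata, source):
        # source is a hypothetical tag set by the caller when parsing a response
        if source in ("referral", "glue"):
            target = self.delegation
        elif source == "authoritative":
            target = self.auth          # child data never touches delegation
        else:
            raise ValueError(f"unknown source: {source}")
        target[(_norm(name), rrtype)] = list(rdata)

    def answer_stub(self, name, rrtype):
        # Referrals and glue are invisible here, so they cannot be returned.
        return self.auth.get((_norm(name), rrtype))

    def servers_for(self, qname):
        # Walk up to the closest enclosing delegation; use only parent-side data.
        labels = _norm(qname).split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:])
            ns = self.delegation.get((zone, "NS"))
            if ns:
                return zone, {h: self.delegation.get((_norm(h), "A"), []) for h in ns}
        return None, {}

def demo():
    # Constructed sample data using documentation names and addresses.
    c = SplitCache()
    c.store("example.com.", "NS", ["ns1.example.com."], "referral")
    c.store("ns1.example.com.", "A", ["192.0.2.1"], "glue")
    # The child zone later answers with a different apex NS RRSet.
    c.store("example.com.", "NS", ["ns9.example.net."], "authoritative")
    return c

if __name__ == "__main__":
    c = demo()
    print(c.answer_stub("ns1.example.com", "A"))   # glue is not an answer
    print(c.servers_for("www.example.com"))        # still the parent's view
```

With a single merged cache, the third `store` call would have replaced the parent's NS RRSet and redirected later iteration; here it only changes what a stub resolver is told.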


Kazunori Fujiwara

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)