[ietf-dkim] New issue: Upward query vs. wildcard publication
Charles Lindsey
chl at clerew.man.ac.uk
Wed Apr 18 03:02:10 PDT 2007
On Tue, 17 Apr 2007 01:59:23 +0100, Jim Fenton <fenton at cisco.com> wrote:
> Option 3: As presented at IETF 68, upward queries would be performed if
> a NODATA response is required until the verifier gets to a TLD (or
> something that acts like one).
>
> Discussion: Option 3 is simplest for the publisher, but likely to be
> considered unacceptable due to the potentially unbounded querying of
> higher-level domains, and possible load on root and/or TLD servers.

So any upward search needs to stop as soon as you find a level with an
SOA. If you haven't found whatever SSP you were looking for by then, then
you can assume it doesn't exist.

But, as John points out, SOA records tend not to get cached, so you might
need to insist on an authoritative response and that places a strain on
the official name servers for the zone, not to mention the extra lookup
for the SOA.

--
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131
Web: http://www.cs.man.ac.uk/~chl
Email: chl at clerew.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
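
The bounded upward search discussed in this message, as an added example that is not part of the original post or of any DKIM draft: it walks up from a domain, stops at the first level that has an SOA, and logs every query so the extra SOA lookup per level is visible. The zone data is constructed, and the `_ssp._domainkey` record location and the policy string are assumptions.

```python
# Constructed in-memory zone data: (owner name, record type) -> value.
# Nothing here is real DNS; names use reserved example domains.
ZONE = {
    ("example.com", "SOA"): "constructed-soa",
    ("_ssp._domainkey.example.com", "TXT"): "policy-placeholder",
    ("nossp.example", "SOA"): "constructed-soa",
}

SSP_PREFIX = "_ssp._domainkey"  # assumed record location, not stated in the post


def lookup(zone, name, rtype, log):
    """Stand-in for one DNS query; logs it so the query cost can be counted."""
    log.append((name, rtype))
    return zone.get((name, rtype))


def find_ssp(zone, domain):
    """Search upward from `domain`, stopping at the first level with an SOA.

    Returns (policy or None, name where the search stopped, query log).
    """
    log = []
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        policy = lookup(zone, f"{SSP_PREFIX}.{name}", "TXT", log)
        if policy is not None:
            return policy, name, log
        # The extra lookup per level: is this name a zone apex?
        if lookup(zone, name, "SOA", log) is not None:
            return None, name, log  # apex reached without SSP: assume none exists
    return None, labels[-1], log  # no SOA seen at any level in this toy data


if __name__ == "__main__":
    for d in ("a.b.mail.example.com", "host.dept.nossp.example"):
        policy, stopped_at, queries = find_ssp(ZONE, d)
        print(d, "->", policy, "stopped at", stopped_at, "queries:", len(queries))
```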