1. DNS/RFC/2308

http://tools.ietf.org/html/rfc2308

Negative caching in resolvers is no-longer optional,
  if a resolver caches anything it must also cache negative answers.

リゾルバーでのネガティブキャッシングはもう任意実装ではありません。

2. 更新情報

https://www.rfc-editor.org/info/rfc6604

https://tools.ietf.org/html/rfc8020

3. Nagative caching (ネガティブキャッシング)

"Negative caching" - the storage of knowledge that something does not exist.  
We can store the knowledge that a record has a particular value.

We can also do the reverse, that is, to store the knowledge that a record does not exist.
It is the storage of knowledge that something does not exist,
cannot or does not give an answer that we call negative caching.

どこかでネガティブキャッシュと訳してしまったようだが、よくない。

権威サーバから否定返答をする場合の決まり:SOAレコードをAuth. Sec. に入れよ。

3 - Negative Answers from Authoritative Servers

   Name servers authoritative for a zone MUST include the SOA record of
   the zone in the authority section of the response when reporting an
   NXDOMAIN or indicating that no data of the requested type exists.

   This is required so that the response may be cached.  The TTL of this
   record is set from the minimum of the MINIMUM field of the SOA record
   and the TTL of the SOA itself, and indicates how long a resolver may
   cache the negative answer.  The TTL SIG record associated with the
   SOA record should also be trimmed in line with the SOA's TTL.

ゾーンに対して権威をもつサーバは否定返答をするときには

(注)SOAレコードがあれば、あとはなにがあってもいいので、NSレコードを含めることも行われる。

Negative responses without SOA records SHOULD NOT be cached
as there is no way to prevent the negative responses looping forever
between a pair of servers even with a short TTL.

3.1. ただし

SOAレコードがないからと言って、delegationだとするのも間違いだし、非常に危険な動作ということになる。

4. nxdomain 返答コード

http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6

(予定)

定義の修正が必要だが、あるのか。 (RFC 1035のまま?)

-- ToshinoriMaeno 2015-05-04 02:57:08