Copyright (C) Internet Systems Consortium, Inc. ("ISC")

See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.

Negative Caching

The non-DNSSEC case is pretty easy.

	foundname = soa name
	rdataset = soa
	node = NULL

DNSSEC complicates things a lot, because we have to return one or more NXT
records (if we have them) as proof.  Another tricky bit here is that we may
have an NXT record so we know the answer is NODATA, but we don't have the SOA
so we can't make a NODATA response that a non-DNSSEC-aware server could
cache.  Life would sure be easier if we knew if the client understood DNSSEC.
Not sure what to do in this case.  Probably return delegation to force client
to ask authority.


Perhaps we should just create some kind of meta-rdata, the "negative cache
rdata type"?

Or maybe something like:

dns_rdataset_ncachefirst()
dns_rdataset_ncachenext()
dns_rdataset_ncachecurrent()

dns_db_ncachenew(db, type)		/* type can be any */
dns_db_ncachesoa(name, rdataset)
dns_db_ncachenxt(name, rdataset)
dns_db_ncacheadd(db, name, version)

Ick.  I favor the former.
