Content-Disposition: inline Date: Fri, 20 Oct 2017 15:15:15 +0000 Content-Type: text/plain; charset="utf-8" From: stephen@isc.org To: bind9-public@isc.org MIME-Version: 1.0 Message-ID: X-RT-Interface: Web X-Mailer: MIME-tools 5.508 (Entity 5.508) Content-Transfer-Encoding: binary X-RT-Original-Encoding: utf-8 Content-Length: 994 I've reviewed the system tests for #40138: aggressive negative caching and feel that the following additional tests are required: * A check that "synth-from-dnssec no" disables the feature. * A check that "synth-fron-dnssec yes" in the configuration file enables the feature (none of configuration files in the test specify "synth-from-dnssec" - the all assume that the feature is enabled by default). * A check that the TTL of the cached NSEC records follow the recommendations in section 5.4 of RFC 8198, i.e. that the TTL of NSEC and NSEC3 records to match the SOA.MINIMUM field in the authority section of a negative response, if SOA.MINIMUM is smaller (if implemented: the recommendation is a SHOULD.) Also... * Please add a comment to the test (at the "sleep 1") explaining that the method by which the test checks that the answer is coming from cache is that after the sleep, it is expecting the TTL of the answers to be less than 3600. This is not immediately clear from the script.