[dns-operations] blocking recursers
bortzmeyer at nic.fr
Mon Mar 27 07:34:34 UTC 2006
On Sun, Mar 26, 2006 at 02:37:38AM +0000,
Paul Vixie <paul at vix.com> wrote
a message of 9 lines which said:
> ask an RD=1 question about a nonexistent name in the root zone. if
> you get back NXDOMAIN it answered you recursively.
As usual in the wild Internet, things are never so simple. I just ran
a program which tests the RA bit against many nameservers (it is for
statistical purposes, not for blacklisting, so a few mistakes are not
important) and I noticed several nameservers which are *not* recursive
but show it by answering NXDOMAIN for domains which do exist but are
outside of their authority...
More information about the dns-operations