[dns-operations] blocking recursers

Stephane Bortzmeyer bortzmeyer at nic.fr
Mon Mar 27 07:34:34 UTC 2006


On Sun, Mar 26, 2006 at 02:37:38AM +0000,
 Paul Vixie <paul at vix.com> wrote 
 a message of 9 lines which said:

> ask an RD=1 question about a nonexistent name in the root zone.  if
> you get back NXDOMAIN it answered you recursively.

As usual in the wild Internet, things are never so simple. I just ran
a program which tests the RA bit against many nameservers (it is for
statistical purposes, not for blacklisting, so a few mistakes are not
important) and I noticed several nameservers which are *not* recursive
but show it by answering NXDOMAIN for domains which do exist but are
outside of their authority...
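The two observations in this thread can be combined into one check. The following is an added example, not part of the original message or any poster's program: it pairs the RD=1 probe for a nonexistent root-zone name with a control query for a name known to exist outside the server's zones, so a server that answers NXDOMAIN for everything out of its authority is not counted as recursive. The function names, the result labels and the header-only sample responses are assumptions constructed for illustration.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234, qtype=1):
    """Encode a DNS question with RD=1 (flags 0x0100), class IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in name.rstrip(".").split(".") if l)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return the header fields that matter for the recursion test."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
            "ancount": an, "nscount": ns}

def classify(probe_resp, control_resp):
    """probe: reply to an RD=1 query for a nonexistent root-zone name.
    control: reply to an RD=1 query for an existing out-of-zone name."""
    p, c = parse_header(probe_resp), parse_header(control_resp)
    if not (p["qr"] and c["qr"]):
        raise ValueError("not a response")
    if c["rcode"] == "NXDOMAIN":
        # Server denies a name that exists: its NXDOMAIN proves nothing.
        return "not-recursive (NXDOMAIN for everything out of authority)"
    if p["rcode"] == "NXDOMAIN" and c["rcode"] == "NOERROR" and c["ancount"] > 0:
        return "recursive" if p["ra"] else "recursive (RA bit not set)"
    if p["rcode"] == "REFUSED" or (p["rcode"] == "NOERROR" and p["ancount"] == 0):
        return "not-recursive (refusal or referral)"
    return "inconclusive"

def fake_response(flags, ancount=0, nscount=0, qid=0x1234):
    """Constructed header-only response so the example runs offline."""
    return struct.pack("!HHHHHH", qid, flags, 1, ancount, nscount, 0)

if __name__ == "__main__":
    # Constructed samples: QR|RD|RA + NXDOMAIN probe, NOERROR control with 1 answer
    print(classify(fake_response(0x8183), fake_response(0x8180, ancount=1)))
    # Constructed samples: server that says NXDOMAIN to both questions
    print(classify(fake_response(0x8103), fake_response(0x8103)))
```
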



