[dns-operations] chrome's 10 character QNAMEs to detect NXDOMAIN rewriting

Mark Andrews marka at isc.org
Mon Dec 16 23:26:59 UTC 2013


In message <52ACF0EE.3040404 at redbarn.org>, Paul Vixie writes:
>
> this is true. and i am a strong opponent of mixed-mode (recursive plus
> authoritative) servers, and i believe these are deprecated in later DNS
> RFC's, and in any case not even BIND 10 will have that feature mix --
> but RFC 1034 and RFC 1035 describe all name servers as working this way,
> and i expect that if "root zone hidden slave" configuration became
> widespread, then many name servers who don't support it today, would add
> it in some form -- perhaps only in this particular (root zone) form.

I don't care about mixed-mode for a nominally recursive server.

If you are a *listed* authoritative nameserver then you shouldn't
be recursive also.  That is the configuration that causes operational
problems for others.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the dns-operations mailing list