[dns-operations] Validating or not validating (ICANN controlled interruption)
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed Sep 3 07:00:16 UTC 2014
BIND validates "A nimportequoi.otsuka" and yields an answer with AD bit
set.
Unbound gives back the answer but without the AD bit.
[Try it yourself, 'dig @unbound.odvr.dns-oarc.net A
nimportequoi.otsuka' and 'dig @bind.odvr.dns-oarc.net A nimportequoi.otsuka']
In some cases (difficult to pinpoint, depending on the resolver's
state), both BIND and Unbound return SERVFAIL.
Who's right?
PS: dnsviz claims that names like eb2dz5xm4s.otsuka are "secure,
non-existent" while they elicit an answer.
More information about the dns-operations
mailing list