[dns-operations] Validating or not validating (ICANN controlled interruption)
Ralf Weber
dns at fl1ger.de
Wed Sep 3 08:19:29 UTC 2014
Moin!
On 03 Sep 2014, at 09:00, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> BIND validates "A nimportequoi.otsuka" and yields an answer with AD bit
> set.
>
> Unbound gives back the answer but without the AD bit.
Vantio always answers with the AD bit set to add something to the mix.
> In some cases (difficult to pinpoint, depending on the resolver's
> state), both BIND and Unbound return SERVFAIL.
Could you be more specific. I ran a dnsperf with random first label
against Vantio and couldn't get it to return SERVFAIL after 500k queries.
I would have expected some rate limiting to be maybe the reason, but
haven't encountered it.
> Who's right?
I would assume that the answers validate correct and thus AD should
be set, but who looks at that bit anyway.
So long
-Ralf
More information about the dns-operations
mailing list