[dns-operations] NXDOMAIN at zone apex???
Paul Vixie
paul at redbarn.org
Thu May 25 15:32:44 UTC 2017
On Thursday, May 25, 2017 2:38:13 PM GMT Andrew Sullivan wrote:
> On Wed, May 24, 2017 at 08:16:06PM -0400, Viktor Dukhovni wrote:
> > I would have thought that's invalid, but unbound does not mind:
> It is invalid. Unbound tolerates this because a few "special" vendors
> don't know the difference between No answer/no data responses and
> NXDOMAIN, so resolvers have to put up with this. But it's wrong, yes.
> See RFC 8020.
the more we are liberal in what we accept, the more they will be
unconservative in what they generate.
RCODE=3 AA=1 should be interpreted as "rm -rf $qname" in the existing cache,
and the addition of a skull-and-crossbones marker to the cache at that same
location.
vixie
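Added example, not part of the original message: a toy Python cache that applies the strict reading described above, where an authoritative RCODE=3 purges everything at or below the qname and leaves a negative marker there. The class, function names and sample data are hypothetical, and TTL handling is omitted.

```python
# Toy cache (hypothetical names, no TTLs): strict authoritative NXDOMAIN, RFC 8020.
NXDOMAIN = 3  # RCODE 3, Name Error


def labels(name):
    """Return a name's labels ordered from the TLD down, lowercased."""
    return tuple(reversed(name.lower().rstrip(".").split(".")))


def under(key, cut):
    return key[:len(cut)] == cut  # key is at or below cut in the DNS tree


class StrictCache:
    def __init__(self):
        self.rrsets = {}      # (labels, rrtype) -> list of rdata
        self.nx_cuts = set()  # subtrees marked nonexistent

    def store(self, name, rrtype, rdata):
        self.rrsets[(labels(name), rrtype)] = list(rdata)

    def on_response(self, qname, rcode, aa):
        """Apply RCODE/AA to the cache; return how many RRsets were purged."""
        if rcode != NXDOMAIN or not aa:
            return 0  # NODATA (RCODE 0) or non-authoritative: no pruning
        cut = labels(qname)
        doomed = [k for k in self.rrsets if under(k[0], cut)]
        for k in doomed:
            del self.rrsets[k]
        # Markers below the new cut are redundant; keep only the highest.
        self.nx_cuts = {c for c in self.nx_cuts if not under(c, cut)}
        self.nx_cuts.add(cut)
        return len(doomed)

    def lookup(self, name, rrtype):
        key = labels(name)
        if any(under(key, cut) for cut in self.nx_cuts):
            return "NXDOMAIN"
        return self.rrsets.get((key, rrtype), "MISS")


def demo():
    # Constructed sample data using reserved names and addresses.
    c = StrictCache()
    c.store("example.test", "NS", ["ns1.example.test."])
    c.store("www.example.test", "A", ["192.0.2.10"])
    c.store("other.test", "A", ["192.0.2.20"])
    purged = c.on_response("example.test", NXDOMAIN, aa=True)
    return purged, c.lookup("www.example.test", "A"), c.lookup("other.test", "A")
```

`demo()` applies an authoritative NXDOMAIN at a zone apex: both cached RRsets in that zone are purged, later lookups under it return NXDOMAIN, and the sibling zone is untouched.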