[dns-operations] sophosxl.net problem?

Paul Vixie paul at redbarn.org
Mon Nov 11 15:51:52 UTC 2019

Florian Weimer wrote on 2019-11-11 07:17:
> * James Stevens:
>> Would it be reasonable for an authoritative-only DNS Server to reject
>> / ignore / throttle requests with RD=1 ?
> It confuses people who try to debug issues with the dig tool.  Some
> servers already do it.
> Some system adminstrators want to list authoritative name servers in
> /etc/resolv.conf for some reason, and that would break too.

when presented with a choice of what to break, i find the best way 
forward to be, break something highly visible, and break it early.

so, answering REFUSED when authoritative-only and receiving RD=1, and 
answering REFUSED when recursive-only and receiving RD=0, and treating 
AA=0 as "lame" when doing recursion, all lead to a choppy present but a 
smoother future.

P Vixie

More information about the dns-operations mailing list