[dns-operations] sophosxl.net problem?
Paul Vixie
paul at redbarn.org
Mon Nov 11 15:51:52 UTC 2019
Florian Weimer wrote on 2019-11-11 07:17:
> * James Stevens:
>
>> Would it be reasonable for an authoritative-only DNS Server to reject
>> / ignore / throttle requests with RD=1 ?
>
> It confuses people who try to debug issues with the dig tool. Some
> servers already do it.
>
> Some system administrators want to list authoritative name servers in
> /etc/resolv.conf for some reason, and that would break too.

when presented with a choice of what to break, i find the best way
forward to be, break something highly visible, and break it early.
so, answering REFUSED when authoritative-only and receiving RD=1, and
answering REFUSED when recursive-only and receiving RD=0, and treating
AA=0 as "lame" when doing recursion, all lead to a choppy present but a
smoother future.
--
P Vixie
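
The policy in the message above, written out as an added example (not code from the post or from any DNS server): REFUSED on an RD/role mismatch, plus a resolver-side check for AA=0. The function names, the role strings, and the choice to leave referrals (no answer records) unflagged are assumptions of this example.

```python
import struct

QR, AA, RD = 0x8000, 0x0400, 0x0100    # DNS header flag bits (RFC 1035, 4.1.1)
OPCODE_MASK, REFUSED = 0x7800, 5

def build_query(qid, qname, rd):
    """Constructed sample input: a minimal A/IN query with RD set or clear."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in qname.rstrip(".").split(".")) + b"\x00"
    header = struct.pack("!6H", qid, RD if rd else 0, 1, 0, 0, 0)
    return header + name + struct.pack("!2H", 1, 1)

def question_end(wire):
    """Offset just past the first question, or None if it is malformed."""
    pos = 12
    while pos < len(wire) and wire[pos] != 0:
        if wire[pos] & 0xC0:           # compression pointers do not belong in a query name
            return None
        pos += 1 + wire[pos]
    end = pos + 5                      # root label + QTYPE + QCLASS
    return end if end <= len(wire) else None

def screen_query(wire, role):
    """Return a REFUSED reply when RD does not match role, else None (serve normally)."""
    if role not in ("authoritative", "recursive"):
        raise ValueError("role must be 'authoritative' or 'recursive'")
    if len(wire) < 12:
        return None                    # no usable header; caller drops it
    qid, flags, qdcount = struct.unpack("!3H", wire[:6])
    if flags & QR:
        return None                    # a response, not a query
    rd = bool(flags & RD)
    if rd != (role == "authoritative"):
        return None                    # RD=0 to authoritative, RD=1 to recursive
    end = question_end(wire) if qdcount == 1 else None
    question = wire[12:end] if end else b""
    reply_flags = QR | (flags & (OPCODE_MASK | RD)) | REFUSED
    return struct.pack("!6H", qid, reply_flags, 1 if end else 0, 0, 0, 0) + question

def is_lame_answer(wire):
    """Resolver side: a reply that carries answer records but has AA=0."""
    if len(wire) < 12:
        return False
    _, flags, _, ancount = struct.unpack("!4H", wire[:8])
    return bool(flags & QR) and not (flags & AA) and ancount > 0
```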