[dns-operations] sophosxl.net problem?

Dave Lawrence tale at dd.org
Mon Nov 11 21:11:25 UTC 2019

Viktor Dukhovni writes:
> We can't have both of:
>    * It is valid to return non-authoritative cached data for RD=0
>    * It is invalid to return AA=0 in response to RD=0 requests.
> Which shall it be? You say you find the first useful, but then you
> really can't have the second, the responser isn't necessarily lame
> if the qname is not the zone apex.

When I get an RD=0 query at my dual authoritative/recursive server
that can be answered from authoritative data, I do so without ever
consulting the cache.  

Yes it is a tiny bit sad-making that this means that in the rare case
where I am working with a zone hosted on a dual-mode server that
delegates a subzone away then I don't see the exact same behavior as I
would see in other circumstances, but I'm okay with that.

(Apologies for the poor editing of my previous message, too.  Clearly
I had hit send too soon.)

More information about the dns-operations mailing list