[dns-operations] use-application-dns.net
Thomas Mieslinger
miesi at mail.com
Mon Sep 9 10:50:32 UTC 2019
Hi,
I run an enterprise DNS and without implementing the
use-application-dns.net hack my ~3000 internal services become
unavailable to my ~10000 internal users. Unfortunately uninstalling
Firefox on ~10000 workstations is not feasible.
after reading
https://support.mozilla.org/en-US/kb/configuring-networks-disable-dns-over-https
I recognized that requiring a NXDOMAIN reply is somewhat complicated:
- If I point use-application-dns.net to a Nameserver where the zone is
not loaded, a REFUSED will be replied
- If I point use-application-dns.net to Nameserver where a zone file
for use-application-dns.net is loaded, but no A or AAAA existing zone
file at the apex, a reply with the SOA and state NOERROR will constructed.
- If I point use-application-dns.net to Nameserver where a zone file
for use-application-dns.net is loaded but the zone-file is broken, a
SERVFAIL will be returned.
Is there any documentation how the mozilla guys did it with which
recursive/authoritative Software?
Best
Thomas
More information about the dns-operations
mailing list