[dns-operations] use-application-dns.net
Viktor Dukhovni
ietf-dane at dukhovni.org
Mon Sep 9 15:54:43 UTC 2019
> On Sep 9, 2019, at 6:50 AM, Thomas Mieslinger <miesi at mail.com> wrote:
>
> I recognized that requiring a NXDOMAIN reply is somewhat complicated:
>
> - If I point use-application-dns.net to a Nameserver where the zone is
> not loaded, a REFUSED will be replied
>
> - If I point use-application-dns.net to Nameserver where a zone file
> for use-application-dns.net is loaded, but no A or AAAA existing zone
> file at the apex, a reply with the SOA and state NOERROR will constructed.
>
> - If I point use-application-dns.net to Nameserver where a zone file
> for use-application-dns.net is loaded but the zone-file is broken, a
> SERVFAIL will be returned.
>
> Is there any documentation how the mozilla guys did it with which
> recursive/authoritative Software?
Haven't tried it yet, but I would expect that "unbound" with:
local-zone: "use-application-dns.net." always_nxdomain
should get the job done.
--
Viktor.
More information about the dns-operations
mailing list