[dns-operations] use-application-dns.net

Viktor Dukhovni ietf-dane at dukhovni.org
Mon Sep 9 15:54:43 UTC 2019


> On Sep 9, 2019, at 6:50 AM, Thomas Mieslinger <miesi at mail.com> wrote:
> 
> I recognized that requiring a NXDOMAIN reply is somewhat complicated:
> 
> - If I point use-application-dns.net to a Nameserver where the zone is
> not loaded, a REFUSED will be replied
> 
> - If I point use-application-dns.net to Nameserver where a zone file
> for use-application-dns.net is loaded, but no A or AAAA existing zone
> file at the apex, a reply with the SOA and state NOERROR will constructed.
> 
> - If I point use-application-dns.net to Nameserver where a zone file
> for use-application-dns.net is loaded but the zone-file is broken, a
> SERVFAIL will be returned.
> 
> Is there any documentation how the mozilla guys did it with which
> recursive/authoritative Software?

Haven't tried it yet, but I would expect that "unbound" with:

	local-zone: "use-application-dns.net." always_nxdomain

should get the job done.

-- 
	Viktor.



More information about the dns-operations mailing list