[dns-operations] Cloudflare public DNS sometimes forwards incomplete&duplicated subset of NSEC RRs
Vladimír Čunát
vladimir.cunat+ietf at nic.cz
Tue Sep 1 08:36:52 UTC 2020
On 9/1/20 9:58 AM, Stephane Bortzmeyer wrote:
> AFAIK, Cloudflare uses Knot Resolver. I tested with another Knot
> resolver and it works:
I think they originally started the service quite close Knot Resolver
code, but they've apparently diverged quite a bit since then (I don't
know). To be sure, I had tested this report today and failed to get any
problem with our current code.
A related difference between 1.1.1.1 and Knot Resolver I now noticed:
they don't seem to be doing aggressive NSEC caching, whereas Knot
Resolver has it since January 2018 (it it could never be turned off on
signed names).
--Vladimir (Knot Resolver)
More information about the dns-operations
mailing list