[dns-operations] [DNSOP] bind fails to continue recursing on one specific query

[Peter DeVries]

<snip>

> The queries for "_.extglb.tn.gov. IN A ?" in your PCAP are a novelty to
> me.  Are these some form of query minimisation, or some sort of sanity
> check of the delegation?  Sadly, the "tn.gov" nameserver just drops
> these without responding, so their failure could well contribute to the
> problems you observe.

These are indeed how BIND does qname minimization in "relaxed" mode
which is currently the default.

We almost blocked these because we didn't know what they were but then
I stumbled upon one of the old RFC drafts for query minimization and
it does mention this as a technique.  I could see someone else doing
so as well because it did make up a very large percentage of our
inbound queries and there isn't much documentation on it.

Peter