NXDOMAIN redirection in BIND 9.9

Bill Owens owens at nysernet.org
Thu Sep 29 21:06:13 UTC 2011


I've obviously been asleep and not following along with the announcements of new features in BIND 9.9 until today. . . both Evan's blog post <http://www.isc.org/community/blog/201109/isc-bind-990a1-feature-preview> and the announcement of next week's webinar include NXDOMAIN redirection as the first new feature. I'm really surprised by that - is this something that BIND users were clamoring for? Or is it a situation where other servers were providing this feature, and BIND needed it to maintain parity?

Obviously those of us who find this idea disturbing don't need to enable it, and DNSSEC provides an effective defense against those who would enable it* but it still leaves me curious. 

*except that perhaps those who enable this feature will use it as an excuse to avoid enabling validation, which would be a very bad result, IMO. . .

Bill.



More information about the bind-users mailing list