Question about expected recursive resolver behavior

Sarah Newman srn at
Thu Apr 23 19:53:49 UTC 2020

On 4/23/20 12:41 PM, Chuck Aurora wrote:
> On 2020-04-23 14:16, Sarah Newman wrote:
>> What should happen when for a given domain:
>> - The domain resolves via TCP but not UDP - UDP for this domain had no
>> response at all.
>> - That authoritative nameserver hosts other domains, and those domains
>> resolve via UDP.
> Do you have an example for this?  I don't get the "no response on UDP"
> part.  If the same nameserver is answering other queries on UDP, why
> wouldn't at least send a REFUSED reply?
> Perhaps REFUSED has been disabled somehow; that could be tested by
> querying it for other non-hosted zones,
> dig @<that-NS> ns

Here is my example, but it's been fixed now:

REFUSED hasn't been disabled.

I bring this up because we had customers complaining about our resolvers not working and I don't know if we could/should have done better.


More information about the bind-users mailing list