Question about expected recursive resolver behavior
srn at prgmr.com
Thu Apr 23 19:53:49 UTC 2020
On 4/23/20 12:41 PM, Chuck Aurora wrote:
> On 2020-04-23 14:16, Sarah Newman wrote:
>> What should happen when for a given domain:
>> - The domain resolves via TCP but not UDP - UDP for this domain had no
>> response at all.
>> - That authoritative nameserver hosts other domains, and those domains
>> resolve via UDP.
> Do you have an example for this? I don't get the "no response on UDP"
> part. If the same nameserver is answering other queries on UDP, why
> wouldn't at least send a REFUSED reply?
> Perhaps REFUSED has been disabled somehow; that could be tested by
> querying it for other non-hosted zones,
> dig @<that-NS> ns isc.org.
Here is my example, but it's been fixed now:
REFUSED hasn't been disabled.
I bring this up because we had customers complaining about our resolvers not working and I don't know if we could/should have done better.
More information about the bind-users