Getting "query failed (REFUSED) for ./IN/ANY"
d.lawrence at salesforce.com
Wed Jan 13 14:52:48 UTC 2021
> > Are the queries refused because of the dot (.)? In the query log, I also
> > found some 28 IN ANY queries from 7 IPs for xxx.at.fragolina.it, which
> > probably got away with an NXDOMAIN.
> no. the dot is just the root domain.
Correct that . is the root domain, but I'd say the answer is a
qualified yes. If you are not providing open recursive services and
are not authoritative for the root domain, BIND will respond with
REFUSED just like it would if someone asked you about example.com when
you're not authoritative for that. In the old days you'd get a root
referral for authoritative resolution, but now you get a minimal
REFUSED to signal lack of authority for the question.
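To see how many REFUSED responses in a log are for the root domain, as in the subject line, and which clients sent them, the "query failed" lines can be tallied per question. This is an added example, not part of the original message; the log line layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed shape of BIND's "query failed" log lines. The optional "@0x..."
# token and the trailing "at query.c:NNN" differ between versions, so the
# pattern only relies on the client address and the name/class/type triple.
LINE_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+.*?"
    r"query failed \((?P<rcode>[A-Z]+)\) for "
    r"(?P<qname>\S+)/(?P<qclass>[A-Z0-9]+)/(?P<qtype>[A-Z0-9]+)"
)

# Constructed sample lines using documentation addresses and names.
SAMPLE_LOG = """\
13-Jan-2021 14:50:01.101 query-errors: info: client @0x7f1c2c0a 192.0.2.10#41822 (.): query failed (REFUSED) for ./IN/ANY at query.c:5445
13-Jan-2021 14:50:01.350 query-errors: info: client 192.0.2.10#41823 (.): query failed (REFUSED) for ./IN/ANY at query.c:5445
13-Jan-2021 14:50:02.007 query-errors: info: client @0x7f1c2c0b 198.51.100.7#5301 (.): query failed (REFUSED) for ./IN/ANY at query.c:5445
13-Jan-2021 14:50:03.412 query-errors: info: client @0x7f1c2c0c 203.0.113.5#60111 (example.com): query failed (REFUSED) for example.com/IN/A at query.c:5445
13-Jan-2021 14:50:04.900 query-errors: info: client @0x7f1c2c0d 203.0.113.5#60112 (example.net): query failed (SERVFAIL) for example.net/IN/A at query.c:6883
13-Jan-2021 14:50:09.000 general: info: reloading configuration succeeded
"""

def summarize(log_text):
    """Count REFUSED queries per (qname, qtype) and collect client IPs."""
    per_question = Counter()
    clients = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["rcode"] != "REFUSED":
            continue  # unrelated log line or a different failure code
        key = (m["qname"], m["qtype"])
        per_question[key] += 1
        clients.setdefault(key, set()).add(m["ip"])
    return per_question, clients

def root_refusals(log_text):
    """Return {qtype: (count, sorted client IPs)} for questions about '.'."""
    per_question, clients = summarize(log_text)
    return {
        qtype: (count, sorted(clients[(qname, qtype)]))
        for (qname, qtype), count in per_question.items()
        if qname == "."
    }

if __name__ == "__main__":
    for qtype, (count, ips) in root_refusals(SAMPLE_LOG).items():
        print(f"./IN/{qtype}: {count} refused from {len(ips)} client(s): {ips}")
```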