queries for "_.domain"
Matus UHLAR - fantomas
uhlar at fantomas.sk
Mon May 20 08:38:35 UTC 2024
On 18.05.24 07:10, Mark Andrews wrote:
> Correct. Later versions use NS queries as that allows named to cache the non-existence of the NS RRset.
I see this happened since 9.18.17
Luckily Debian 11/backports and Debian 12 have incorporated this version.
> Using _.domain doesn’t allow that to happen.
Which I guess caused my problem.
Looking at the docs, I can only turn it off in previous versions.
(QNAME minimization was added in 9.13.2)
> NS queries do however expose broken delegations. Make sure you have
> working NS records at the zone apex and at the delegation point. This is
> especially important when the server serves multiple levels in the zone
> hierarchy as intermediate delegations are often not seen without QNAME
> minimisation but are with QNAME minimisation.
Luckily this is resolving-only server.
> We have had bug reports due to all delegating NS records referring to non-existing servers.
>
> We have had bug reports due to garbage records at the zone apex.
I encountered problems like this in the past. And then people wonder they
DNS work properly.
The "google (8.8.8.8) works" argument is problematic because google violates
DNS in cases like this.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Honk if you love peace and quiet.
More information about the bind-users
mailing list