I'm curious whether the domain in question had a DS in the parent zone?
On 11/01/11 4:52 PM, "Chris Thompson" <c...@cam.ac.uk> wrote: > On Jan 11 2011, Alexander Gall wrote: > >> It appears that NODATA responses for qtype=DNSKEY are not cached if >> DNSSEC validation is enabled (tested with 9.7.2-P3). What is the >> rationale behind this? > > I confirm the effect (same release). Or rather, the NODATA does get cached, > as shown by a "!DNSKEY" count in the statistics display, but a new request > goes back to the authoritative servers again anyway, as shown by the outgoing > queries count and by the SOA in the authority section of the NODATA response > having its original value. -- Kal Feher _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
