While it will speed up things slightly, it won’t avoid the issue as TTLs vary.
-- 
Mark Andrews

> On 11 Mar 2018, at 05:30, Tony Finch <d...@dotat.at> wrote:
>
> Evan Hunt <e...@isc.org> wrote:
>>
>> In 9.12.1 and the other upcoming maintenance releases, we've just reverted
>> the change to validator.c that caused the problems. (That turns out to have
>> the exact same effect as your patch does.)
>
> Great, that will please my user, and I can use NTAs to work around the
> problem until then.
>
>> Apex CNAMEs are bogus, of course, but we do need to cope with them when
>> they appear. We're going to revisit this issue in 9.12.2, once we've
>> figured out how to solve the one problem without causing the other one.
>
> I have said this already so I'm at risk of being a bore, but it would be
> super cool if BIND could make use of the DS records (or PNEs) it gets in
> referrals, instead of re-fetching them during validation. It should
> provide a nice speed-up, as well as allowing the validator to avoid
> looking into insecure subtrees, which will have the side-effect of
> avoiding problems with apex CNAMEs.
>
> Tony.
> --
> f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode
> Fisher: Easterly 6 to gale 8, increasing severe gale 9 for a time in north.
> Moderate or rough, occasionally very rough in north. Rain. Moderate or poor.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users