> On 26 Oct 2022, at 11:25, PGNet Dev <pgnet....@gmail.com> wrote: > >> QNAME minimisation is a good idea. It comes in two flavours, relaxed >> and strict. Relaxed tries to cope with some breakages like NXDOMAIN >> being returned from ENTs. Strict doesn’t. > > switch to 'relaxed' does, in fact, 'solve' the issue. insofar as, it appears, > i no longer require the forward-zome workarounds. > > that said, do i understand correctly that the Amazon et al responses are, in > fact, 'breakages'? > and, if so, that i have probly zero-chance of getting them to fix themselves > in the next century or so? > i.e., is 'relaxed' recommended for the real-world?
AWS are aware of the issue and are just taking a long time to address it. NXDOMAIN for ENTs can also be result of not adding delegating NS records to the parent zone when both parent and child zones are served by the same server. QNAME minimisation exposes lots of errors as it make queries that aren’t seen without it. The best way to do QNAME minimisation is to make NS queries as then you can cache non-existence of the NS RRset at intermediate nodes but then you run up against toy DNS servers / firewalls that only handle A and AAAA lookups. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
