Correct. Later versions use NS queries as that allows named to cache the non-existence of the NS RRset. Using _.domain doesn’t allow that to happen.
NS queries do however expose broken delegations. Make sure you have working NS records at the zone apex and at the delegation point. This is especially important when the server serves multiple levels in the zone hierarchy as intermediate delegations are often not seen without QNAME minimisation but are with QNAME minimisation. We have had bug reports due to all delegating NS records referring to non-existing servers. We have had bug reports due to garbage records at the zone apex. Mark -- Mark Andrews > On 17 May 2024, at 23:31, Stephane Bortzmeyer <bortzme...@nic.fr> wrote: > > On Fri, May 17, 2024 at 03:25:01PM +0200, > Matus UHLAR - fantomas <uh...@fantomas.sk> wrote > a message of 43 lines which said: > >> I have noticed that BIND sends strange (for me) queries. >> >> 5 0.198221 192.168.0.1 → 193.108.88.128 DNS 105 Standard query 0x15a4 A >> _.net.akadns.net OPT > > QNAME minimisation (RFC 9156), probably? > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
