[dns-operations] Validating or not validating (ICANN controlled interruption)

Stephane Bortzmeyer Wed, 03 Sep 2014 00:11:25 -0700

BIND validates "A nimportequoi.otsuka" and yields an answer with AD bit
set.


Unbound gives back the answer but without the AD bit.

[Try it yourself, 'dig @unbound.odvr.dns-oarc.net A
nimportequoi.otsuka' and 'dig @bind.odvr.dns-oarc.net A nimportequoi.otsuka']

In some cases (difficult to pinpoint, depending on the resolver's
state), both BIND and Unbound return SERVFAIL.

Who's right?

PS: dnsviz claims that names like eb2dz5xm4s.otsuka are "secure,
non-existent" while they elicit an answer.
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

[dns-operations] Validating or not validating (ICANN controlled interruption)

Reply via email to