On Dec 7 2013, Joe Abley wrote:
On 2013-12-05, at 07:15, Chris Thompson <c...@cam.ac.uk> wrote:
[...]
How would such DNAMEs interact with use of BIND's "root-delegation-only"
(or equivalents, if any, in other software)? Do we have any idea how
widespread use of that option is?
I don't recall there ever being a time when the default behaviour of BIND9
was to insist on delegation-only behaviour from the *root* zone. As I
remember those fun and exciting, lawyer-infested times the delegation-only
behaviour was applied to all TLD zones, except those that were specified
as needing to be otherwise.
Well the BIND9 ARM says
| root-delegation-only
|
| Turn on enforcement of delegation-only in TLDs (top level domains)
| and root zones with an optional exclude list.
so I presume it *is* meant to apply to the root zone. In the absence
of an offending RR in the real root zone, I suppose I would have to
set up a configuration with a fake root to confirm that.
root-delegation-only has never been a distribution BIND default, and
the words about it in the ARM should be enough to put anyone reading
them off the idea, Could it be in packaged configurations, though?
Or just in private configurations dating from the 10-years-ago
"*.com" wildcard era and not modified since?
--
Chris Thompson University of Cambridge Computing Service,
Email: c...@ucs.cam.ac.uk Roger Needham Building, 7 JJ Thomson Avenue,
Phone: +44 1223 334715 Cambridge CB3 0RB, United Kingdom.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
