Evan Hunt <e...@isc.org> wrote: > On Wed, Mar 11, 2015 at 12:13:42PM +0000, Tony Finch wrote: > > These are signed zones so the answer has to validate. > > ... they are? I thought the proposal was to restrict/deprecate > qtype=ANY for all zones, not just signed ones.
At least some of them are signed :-) But you are right it needs to work for unsigned zones. NOERROR/NODATA responses to ANY will not work well. I did a quick test consisting of: dig any non.terminal # initially empty (echo 'update add non.terminal 3600 in txt "braaains"'; echo send) | nsupdate -l dig txt non.terminal For both signed and unsigned zones, the first query make BIND create a negtive cache entry which covers all types, so it doesn't recurse for the second query. This will make qmail fail deliveries with a permanent error. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ South Utsire, Forties, Cromarty, Forth, Tyne, Dogger: Southerly or southeasterly 6 to gale 8, occasionally severe gale 9 in Forties, Cromarty and Forth, becoming variable 4 for a time. Moderate or rough, occasionally very rough at first in Forties, Cromarty and Forth. Rain for a time. Good, becoming moderate or poor for a time. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
