On Mon, Apr 16, 2018 at 03:30:36PM +0100, Tony Finch wrote:
> I'm slightly surprised that Evan and Mukund haven't mentioned this, but
> BIND 9.1 to 9.11 had additional-from-cache and additional-from-auth
> options which controlled this behaviour. (I turned them off on my servers
> years ago.) In 9.12 the options have been removed and authoritative
> answers never chase around in search of gossip.
Ok - so it appears staying "in zone" for CNAME and glue is fine, or perhaps
even recommended? A best practice?
> > None of these resolve when I try them, I wonder if that is because
> > implementations want CNAMEs to be 'host names', or if this a chain of
> > bugs. Not practically very relevant, but still.
>
> My recursive server gets upset because in noerror/nodata answers, the SOA
> record appears in the answer section not the authority section.
Fixed!
> $ ping 'some host.tdns.powerdns.org'
> it does actually ask the recursive server before giving up in disgust.
> Weird.
It is indeed somewhat strange, but I'm not even sure if this is bad or good.
Bert
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
