On Sat, 19 Apr 2025, Philip Homburg wrote:
In your letter dated 18 Apr 2025 17:43:59 -0400 you wrote:
I use unbound, which by default serves empty stubs for all these zones,
along with the RFC1918 rDNS. In practice it works fine.
Yes, I know that part works.
I run a validating proxy on my laptop. That will fail.
We can have an unproductive argument about whether that's a fundamental
flaw or a configuration error.
If you're going to make local modifications to the DNS tree in some parts
of your setup but not others, it is not much of a surprise that the
results are inconsistent. I think we need to decide that since
people have been doing local DNS hacks for at least three decades, either
we admit that it does what it does and you should be aware that some parts
don't work, or we should think about some way to keep the local DNS hacks
in sync throughout a network for the people who don't use their cache as
the source of DNS truth.
R's,
John