Re: queries for just a few domains fail (NXDOMAIN) for a bind 9.18 non-forwarding config ; forwarding does fix it. problem with 'my' config, or 'their' DNS ?

2022-10-25 Thread PGNet Dev
AWS are aware of the issue and are just taking a long time to address it.

noted. pretty sure there's not a %*^$* thing i can do about THAT!

NXDOMAIN for ENTs can also be result of not adding delegating NS records to the parent zone when both parent and child zones are served by the same serve

Re: queries for just a few domains fail (NXDOMAIN) for a bind 9.18 non-forwarding config ; forwarding does fix it. problem with 'my' config, or 'their' DNS ?

2022-10-25 Thread Mark Andrews
> On 26 Oct 2022, at 11:25, PGNet Dev wrote:
>
>> QNAME minimisation is a good idea. It comes in two flavours, relaxed
>> and strict. Relaxed tries to cope with some breakages like NXDOMAIN
>> being returned from ENTs. Strict doesn’t.
>
> switch to 'relaxed' does, in fact, 'solve' the issue

Re: A beginner's guide to DNSSEC with BIND 9

2022-10-25 Thread PGNet Dev
so I'm interested to hear if this will still be supported or what the roadmap is for deprecating the ability to hand-edit these files for DNSSEC-enabled zones. +1. what "he" (Richard) said! here, or in my 'other thread' ... will be helpful to know.

Re: queries for just a few domains fail (NXDOMAIN) for a bind 9.18 non-forwarding config ; forwarding does fix it. problem with 'my' config, or 'their' DNS ?

2022-10-25 Thread PGNet Dev
QNAME minimisation is a good idea. It comes in two flavours, relaxed and strict. Relaxed tries to cope with some breakages like NXDOMAIN being returned from ENTs. Strict doesn’t.

switch to 'relaxed' does, in fact, 'solve' the issue. insofar as, it appears, i no longer require the forward-zom

Re: queries for just a few domains fail (NXDOMAIN) for a bind 9.18 non-forwarding config ; forwarding does fix it. problem with 'my' config, or 'their' DNS ?

2022-10-25 Thread Mark Andrews
> On 26 Oct 2022, at 11:12, PGNet Dev wrote:
>
> hi,
>
>> AWS are returning NXDOMAIN instead of NOERROR for empty non terminals. Do
>> you have strict qname minimisation turned on?
>
> yup, i do
>
> ...
> qname-minimization strict;
> ...
>
> only because my i understoo

Re: queries for just a few domains fail (NXDOMAIN) for a bind 9.18 non-forwarding config ; forwarding does fix it. problem with 'my' config, or 'their' DNS ?

2022-10-25 Thread PGNet Dev
hi,

AWS are returning NXDOMAIN instead of NOERROR for empty non terminals. Do you have strict qname minimisation turned on?

yup, i do

...
qname-minimization strict;
...

only because my i understood my reads of BIND to Add QNAME Minimization https://

Re: queries for just a few domains fail (NXDOMAIN) for a bind 9.18 non-forwarding config ; forwarding does fix it. problem with 'my' config, or 'their' DNS ?

2022-10-25 Thread Mark Andrews
AWS are returning NXDOMAIN instead of NOERROR for empty non terminals. Do you have strict qname minimisation turned on?

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1690
;; flags: qr aa ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: ver

queries for just a few domains fail (NXDOMAIN) for a bind 9.18 non-forwarding config ; forwarding does fix it. problem with 'my' config, or 'their' DNS ?

2022-10-25 Thread PGNet Dev
i run bind 9.18.8

i use root hints; forwarding is, by default, disabled in config

with this config, i notice that although lookups for (e.g.) *.dock.io are available in public NS caches, e.g.

dig A elb-default.us-east-1.aws.dckr.io @1.1.1.1

; <<>> DiG 9.18.8 <<>> A elb