>> Hello Michael
>> Thank you for your response. Here is a pcap file and some logs.
>
> Hello Sami,
>
> Your pcap shows your resolver making thousands of queries that get
> no responses (or at least the pcap does not contain them). There's
> not much I can say, beyond that this does not appear to
I should add that a resolver should be able to stop on the first NXDOMAIN.
It’s only because we know there are mis-implementations of the protocol
(returning NXDOMAIN rather that NOERROR for empty non-terminals) and
mis-configurations (missing delegating NS records) that the default is to
cont
It’s just a false positive when the result is NXDOMAIN. Because people forget
to put delegating NS records in parent zones when both are served by the same
server the lookups continue on NXDOMAIN. There is an issue to address this.
--
Mark Andrews
> On 25 Jun 2024, at 06:36, Peter wrote:
>
On Fri, Jun 21, 2024 at 04:58:55PM +0200, Stephane Bortzmeyer wrote:
! On Fri, Jun 21, 2024 at 07:03:14AM +,
! 65;6800;1c Michael Batchelder wrote
! a message of 59 lines which said:
!
! > You'll need to fix these zones so that the response is NOERROR rather than
NXDOMAIN.
!
! Yes and, if
> Hello Michael
> Thank you for your response. Here is a pcap file and some logs.
Hello Sami,
Your pcap shows your resolver making thousands of queries that get no responses
(or at least the pcap does not contain them). There's not much I can say,
beyond that this does not appear to be a proble
5 matches
Mail list logo
