Hi Benny, The operator of the specific rbl is doing this, on purpose. Can’t make it more clear then that.
Dnssec would not add anything here. Thanks, Raymond Dijkxhoorn > Op 13 mei 2021 om 00:01 heeft Benny Pedersen <m...@junc.eu> het volgende > geschreven: > > On 2021-05-12 23:30, Raymond Dijkxhoorn wrote: > >> It’s the authoritive nameserver giving that answer. With likely a view >> or acl response. So adding dnssec would not make much of a difference >> here. > > so dnssec is brokken ? > > auth dnsservers or not, problem is when other dns servers cache possitive > results imho, and continue keep it, while negative expires fast, but dns > servers should relly expire on soa changes no matter ttl is not expired > > i am still no expert, just trying to understand the problem > > i hate to see qname minimalzion in bind9 turned on by default, while there is > no fix for this on rbldnsd > > would rbldnsd update dlz in bind9 redis in someway, i know it could dump dns > data as bind9 zone, but it would be nice to see it update dlz zone database, > to atleast make qname problem go away
