I'm curious whether the domain in question had a DS in the parent zone?
On 11/01/11 4:52 PM, "Chris Thompson" <[email protected]> wrote: > On Jan 11 2011, Alexander Gall wrote: > >> It appears that NODATA responses for qtype=DNSKEY are not cached if >> DNSSEC validation is enabled (tested with 9.7.2-P3). What is the >> rationale behind this? > > I confirm the effect (same release). Or rather, the NODATA does get cached, > as shown by a "!DNSKEY" count in the statistics display, but a new request > goes back to the authoritative servers again anyway, as shown by the outgoing > queries count and by the SOA in the authority section of the NODATA response > having its original value. -- Kal Feher _______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
