On 10 March 2018 at 04:08, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
> Cathy Almond <cat...@isc.org> wrote: >> >>> The rs.dns-oarc.net zone is broken because it returns a CNAME for >>> queries at the apex. >>> >> > On 09.03.18 15:23, Tony Finch wrote: > >> I just got a problem report from a user who has a few personal domains >> with CNAME at apex that used to work (or at least appeared to work) but >> no longer do. >> >> I've said that the domains are misconfigured, but since this is a >> relatively widespread misconfiguration, I think it's likely to cause >> more complaints. Tiresome. >> > > it's the very common result of misconfiguration that something sometimes > does not work, while sometimes it does. > Apex CHAMEs, in particular, have nondeterministic failure modes. In that, each resolver deals differently with this misconfiguration, since by definition there is no correct way to deal with it. Some resolvers find a way to gloss over the problem, and others fail hard making the domain name and everything below it unresolvable for the TTL of either the apex NS set or the TTL of the CNAME itself, depending on which way it breaks. Best to just stop doing that so that whether the domain works doesn't depend on which resolver you're trying to use.
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
