On 02. 12. 25 0:11, Jesus Cea wrote:
> "fake" SOA in the ADDITIONAL section of the NXDOMAIN reply for allowing negative caching.

FTR, an SOA in the ADDITIONAL section is only informative - basically saying "this RPZ blocked it".

For negative caching you would have to put the SOA into the AUTHORITY section - with the correct zone name as the SOA RR owner. Using a random name might cause a retry storm from clients (if a particular client implementation checks things).

Figuring out the correct zone cut to use as the SOA RR owner might not be worth the hassle. Just saying.

--
Petr Špaček
Internet Systems Consortium
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list.
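
Added example, not part of the message above and not BIND code: a minimal check of whether an NXDOMAIN reply carries an SOA that a client could use for negative caching (RFC 2308), i.e. an SOA in the AUTHORITY section whose owner is the query name or an ancestor of it. The function names and the sample replies are constructed for illustration; the ancestor test stands in for whatever owner check a particular client performs, and CNAME chains are not followed.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            end = off + 2 if end is None else end
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 32:
                raise ValueError("compression loop")
        elif n == 0:
            return ".".join(labels).lower() + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def negative_ttl(msg):
    """TTL usable for negative caching of an NXDOMAIN reply, or None."""
    _, flags, qd, an, ns, _ = struct.unpack_from("!6H", msg)
    if flags & 0xF != 3 or qd != 1:                # RCODE 3 = NXDOMAIN
        return None
    qname, off = read_name(msg, 12)
    off += 4                                       # skip QTYPE and QCLASS
    for i in range(an + ns):                       # ADDITIONAL is never consulted
        owner, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        covers = owner == "." or qname == owner or qname.endswith("." + owner)
        if i >= an and rtype == 6 and covers:      # SOA in AUTHORITY, owner at/above QNAME
            _, p = read_name(msg, off + 10)        # MNAME
            _, p = read_name(msg, p)               # RNAME
            return min(ttl, struct.unpack_from("!I", msg, p + 16)[0])  # vs SOA MINIMUM
        off += 10 + rdlen
    return None

# --- constructed sample replies (not captured traffic) ---
def name(n):
    return b"".join(bytes([len(l)]) + l.encode() for l in n.split(".") if l) + b"\0"
def soa_rr(owner, ttl, minimum):
    rdata = name("ns." + owner) + name("hostmaster." + owner) + struct.pack("!5I", 1, 3600, 600, 86400, minimum)
    return name(owner) + struct.pack("!HHIH", 6, 1, ttl, len(rdata)) + rdata
def nxdomain(qname, authority=b"", additional=b""):
    hdr = struct.pack("!6H", 0x1234, 0x8183, 1, 0, int(bool(authority)), int(bool(additional)))
    return hdr + name(qname) + struct.pack("!HH", 1, 1) + authority + additional

Q = "blocked.example.com."
IN_AUTHORITY = nxdomain(Q, authority=soa_rr("example.com.", 300, 60))   # cacheable
IN_ADDITIONAL = nxdomain(Q, additional=soa_rr("example.com.", 300, 60)) # informative only
WRONG_OWNER = nxdomain(Q, authority=soa_rr("rpz.invalid.", 300, 60))    # owner unrelated to QNAME
```

`negative_ttl` returns 60 for `IN_AUTHORITY` and `None` for the other two, which is the difference the message describes between the AUTHORITY and ADDITIONAL placements and between a matching and an unrelated SOA owner.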