No auth-nxdomain means: ignore A/AAAA results if RCODE is NXDOMAIN. Both are meant to stop various "domain helpers".
Ondřej Surý On 29.3.2011, at 3:18, [email protected] wrote: >> This has been already implemented in any Bind9 as: >> >> options { >> auth-nxdomain no; >> }; > > Um, huh? How does that have anything to do with blocking DNS hijacking? > > "auth-nxdomain no" means "do not set the Authoritative Answer bit on > NXDOMAIN results". The "dickheads" patch says "the following IP addresses > are DNS hijacking servers, so translate any A query that returns them > to NXDOMAIN". > > Did something get mixed up? > > Thank you! -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
