> No auth-nxdomain means: ignore A/AAAA results if RCODE is NXDOMAIN. Both are
> meant to stop various "domain helpers".

Are you absolutely certain?  If so, you should file a bug against the bind9-doc
package, which says (in /usr/share/doc/bind9-doc/arm/Bv9ARM.ch06.html):

   auth-nxdomain
          If yes, then the AA bit is always set on NXDOMAIN responses, even if the
          server is not actually authoritative. The default is no; this is a change
          from BIND 8. If you are using very old DNS software, you may need to set
          it to yes.

Barry Margolin also said something similar on the bind-users mailing list:
https://lists.isc.org/pipermail/bind-users/2000-June/014535.html
>> I've also read that I should check for the auth-nxdomain option to flag
>> cached negative responses as authoritative.
>> How can I enable or disable this feature?
>
> In named.conf, you can put:
>
> options {
>   auth-nxdomain no;
> };
>
> to disable auth-nxdomain.  It's enabled by default.

I can't seem to find any documentation supporting your statement that
it somehow changes the processing of *incoming* responses.

Could you point me at some, please?  Or do I need to RTFS?



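The AA bit that the quoted bind9-doc text refers to, read from the header of an NXDOMAIN response. This is an added example, not part of the original message or of BIND; the function names and the sample messages are constructed for illustration.

```python
import struct

# DNS header flag masks (RFC 1035, section 4.1.1)
QR, AA, RCODE_MASK = 0x8000, 0x0400, 0x000F
NXDOMAIN = 3

def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_response(flags: int, qname: str, ident: int = 0x1234) -> bytes:
    """Constructed sample: header plus one question (type A, class IN), no records."""
    header = struct.pack("!6H", ident, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!2H", 1, 1)

def nxdomain_aa(msg: bytes):
    """Return the AA bit (True/False) of an NXDOMAIN response, None for anything else."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    flags = struct.unpack("!H", msg[2:4])[0]
    if not (flags & QR) or (flags & RCODE_MASK) != NXDOMAIN:
        return None
    return bool(flags & AA)

# Constructed samples, not captured traffic.
SAMPLES = {
    "NXDOMAIN, AA set": build_response(0x8583, "nonexistent.example"),
    "NXDOMAIN, AA clear": build_response(0x8183, "nonexistent.example"),
    "NOERROR, AA set": build_response(0x8580, "www.example"),
    "query": build_response(0x0100, "nonexistent.example"),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(f"{label:20} -> {nxdomain_aa(msg)}")
```

In dig output the same bit appears as `aa` in the `flags:` line of the response header.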