I'm sorry, I was thinking about the delegation-only option and somehow I was convinced it's the auth-nxdomain.

http://www.isc.org/software/bind/delegation-only

Again, sorry for the confusion, my overworked mind plays tricks on me :-(

Ondřej Surý

On 29.3.2011, at 7:44, [email protected] wrote:

>> No auth-nxdomain means: ignore A/AAAA results if RCODE is NXDOMAIN. Both are
>> meant to stop various "domain helpers".
>
> Are you absolutely certain? If so, you should file a bug against the
> bind9-doc package, which says (in
> /usr/share/doc/bind9-doc/arm/Bv9ARM.ch06.html):
>
>   auth-nxdomain
>     If yes, then the AA bit is always set on NXDOMAIN responses, even if
>     the server is not actually authoritative. The default is no; this is
>     a change from BIND 8. If you are using very old DNS software, you may
>     need to set it to yes.
>
> Barry Margolin also said something similar on the bind-users mailing list:
> https://lists.isc.org/pipermail/bind-users/2000-June/014535.html
>>> I've also read that I should check for the auth-nxdomain option to flag
>>> cached negative responses as authoritative.
>>> How can I enable or disable this feature?
>>
>> In named.conf, you can put:
>>
>> options {
>>     auth-nxdomain no;
>> };
>>
>> to disable auth-nxdomain. It's enabled by default.
>
> I can't seem to find any documentation supporting your statement that
> it somehow changes the processing of *incoming* responses.
>
> Could you point me at some, please? Or do I need to RTFS?
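The behaviour in the quoted bind9-doc text shows up in the header of outgoing responses. The following Python is an added example, not part of the thread or of BIND: it parses the DNS header flags and reports whether an NXDOMAIN response carries the AA bit. The two packets and the name nonexistent.example are constructed samples, and the helper names are hypothetical.

```python
import struct

# DNS header flag masks (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080
RCODE_MASK = 0x000F
NXDOMAIN = 3

def encode_qname(name):
    """Encode a dotted name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_response(txid, name, flags):
    """Constructed sample: header plus one question (A, IN), no records."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", 1, 1)

def parse_header(packet):
    """Return the header fields relevant to the auth-nxdomain question."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txid, "response": bool(flags & QR), "aa": bool(flags & AA),
            "rcode": flags & RCODE_MASK, "ancount": an}

def classify(packet):
    """Label a packet by whether it is an NXDOMAIN response with AA set."""
    h = parse_header(packet)
    if not h["response"]:
        return "query"
    if h["rcode"] != NXDOMAIN:
        return "not-nxdomain"
    return "nxdomain-aa" if h["aa"] else "nxdomain-no-aa"

# Constructed samples: the same negative answer from a non-authoritative
# server, without AA and with AA forced on (the "auth-nxdomain yes" case
# described in the quoted documentation).
NEG_WITHOUT_AA = build_response(0x1234, "nonexistent.example.",
                                QR | RD | RA | NXDOMAIN)
NEG_WITH_AA = build_response(0x1234, "nonexistent.example.",
                             QR | AA | RD | RA | NXDOMAIN)

if __name__ == "__main__":
    for label, pkt in (("without AA", NEG_WITHOUT_AA), ("with AA", NEG_WITH_AA)):
        print(label, classify(pkt), parse_header(pkt))
```

Only the AA bit differs between the two packets; RCODE and the empty answer section are identical.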

