Moin! On 06.09.2012, at 19:43, "Wessels, Duane" <[email protected]> wrote: > I wouldn't say our setup assumes only one recursive in the path, but it > certainly > does assume the validator will retry. In our tests most implementations do > retry. > Nominum doesn't of course, and we have numerous reports that Unbound doesn't > always > retry. So either its version-dependent or something else is going on. The protocol doesn't mandate a resolver to retry, so it's not a requirement and the white listing that you do for Vantio also only works in the case where you can query the resolver inbound from the Internet on the query source IP. Something that you can not take for granted and the reason why the resolver behind my home gateway did not work.
The approach from Matthäus described earlier in the thread using javascript and two pics, one validating and one not seems cleaner to me and can deal with all the cases Olafur, myself and others had problems with. So long -Ralf --- Ralf Weber Senior Infrastructure Architect Nominum Inc. 2000 Seaport Blvd. Suite 400 Redwood City, California 94063 [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
