Mark Andrews wrote:
> I would say CNAME/DNAME with a week long ttl to one of the non RFC
> 1918 or ULA default local zones but IANA has been tardy about getting
> the insecure delegations in place to break the DNSSEC chains of
> trust. That way default local zone aware recursive servers would
> answer negatively to the querier and you have a long lived cached
> record to slow the rate of queries from the recursive servers.
>
> e.g. 0.in-addr.arpa.

Not all default local zone aware recursive servers behave this way. Unbound in particular does not search its local zones when looking up CNAME/DNAME targets.

--
Robert Edmonds
