In message <[email protected]>, Robert Edmonds writes: > Mark Andrews wrote: > > I would say CNAME/DNAME with a week long ttl to one of the non RFC > > 1918 or ULA default local zones but IANA has been tardy about getting > > the insecure delegations in place to break the DNSSEC chains of > > trust. That way default local zone aware recursive servers would > > answer negatively to the querier and you have a long lived cached > > record to slow the rate of queries from the recursive servers. > > > > e.g. 0.in-addr.arpa. > > Not all default local zone aware recursive servers behave this way. > Unbound in particular does not search its local zones when looking up > CNAME/DNAME targets.
Then it is not RFC 103[45] compliant. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
