Florian Weimer wrote on 2019-11-11 07:17:
> * James Stevens:
>
>> Would it be reasonable for an authoritative-only DNS Server to reject
>> / ignore / throttle requests with RD=1 ?
>
> It confuses people who try to debug issues with the dig tool. Some
> servers already do it.
>
> Some system administrators want to list authoritative name servers in
> /etc/resolv.conf for some reason, and that would break too.

when presented with a choice of what to break, i find the best way
forward to be, break something highly visible, and break it early.
so, answering REFUSED when authoritative-only and receiving RD=1, and
answering REFUSED when recursive-only and receiving RD=0, and treating
AA=0 as "lame" when doing recursion, all lead to a choppy present but a
smoother future.
--
P Vixie
_______________________________________________
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
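
The three rules in the message above, written out as an added Python sketch; it is not code from the thread or from any DNS server. The role labels and function names are assumptions made for illustration, and the sample messages are constructed.

```python
import struct

QR, AA, RD = 0x8000, 0x0400, 0x0100  # header flag bits (RFC 1035, section 4.1.1)
OPCODE_MASK = 0x7800
RCODE_REFUSED = 5

def header_flags(msg: bytes) -> int:
    """Return the 16-bit flags word of a DNS message, rejecting truncated input."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes; message too short")
    return struct.unpack("!H", msg[2:4])[0]

def query_verdict(msg: bytes, role: str):
    """RCODE_REFUSED if the query's RD bit contradicts the server role, else None.

    role is "authoritative" or "recursive" (hypothetical labels for this sketch).
    """
    if role not in ("authoritative", "recursive"):
        raise ValueError("unknown role")
    flags = header_flags(msg)
    if flags & QR:
        raise ValueError("expected a query, got a response")
    if flags & OPCODE_MASK:
        return None  # RD only matters for standard QUERY (opcode 0)
    rd = bool(flags & RD)
    if role == "authoritative" and rd:
        return RCODE_REFUSED
    if role == "recursive" and not rd:
        return RCODE_REFUSED
    return None

def is_lame(response: bytes) -> bool:
    """Third rule from the message: a response with AA=0 is treated as lame."""
    flags = header_flags(response)
    if not flags & QR:
        raise ValueError("expected a response, got a query")
    return not flags & AA

def sample(flags: int) -> bytes:
    """Constructed test message: header plus one question, example.com A IN."""
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    return header + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
```

dig sets RD=1 unless it is run with `+norecurse`, which is why a server applying the first rule refuses a default dig query.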