Kre;
> | When resolving, BIND 8 and 9 do reject
> | all records that are not within the domain whose authoritative
> | servers are being queried.
>
> That's broken, and should be fixed. If it really is as you have
> explained it, it guarantees that some perfectly legal DNS configurations
> can never be properly resolved.
>
> | If they did not, we would
> | be seeing many more cases of cache poisoning than we do now.
>
> How? No-one is suggesting that these records be put in the cache.

I have been suggesting that these records be put in a referral-local
cache, the content of which is not used for usual A queries nor glue A of
other referral points.
Other approaches are broken w.r.t. performance.

Masataka Ohta