On Feb 22, 2013, at 3:47 PM, P Vixie <[email protected]> wrote: > Sounds like you want it to return the nxd with no 2308 proof which means most > receives will cache it because the erroneous delegation isn't present. Bind > calls this a minimal response I think. … Paul
Hmmm… 'minimal-responses yes' doesn't seem to change the response -- the ARM says: "If yes the server will only add records to the authority and additional data sections when they are required, for instance, delegations and negative responses. This may improve the performance of the server by reducing outgoing data volumes. The BIND default is no. This statement may be used in a view or a global options clause." Couldn't find any other hopeful sounding options, but will look a little more / poke the code... I tried testing anyway, but answer didn't seem to get cached. Did it all in a bit of a rush, so entirely possible my testing is flawed (it often is :-P) I have a box configured with 'minimal-responses yes' at minimal.superficialinjurymonkey.com. (204.194.22.106) if folk want to test against it… W > > Joe Abley <[email protected]> wrote: > Hi Paul, > > That was our starting point; however, it turned out that resolvers wouldn't > cache the name error, I think because the SOA returned with the name error in > the authority section was clearly bogus (i.e. conflicted with the root zone > SOA presumably already cached by the resolver client). > > I too have always preferred the idea of specifying configuration for standard > software over custom code (neat though the custom code Warren is running is). > We just couldn't figure out how to do it. > > Did we miss something? > > > Joe > > Aue Te Ariki! He toki ki roto taku mahuna! > > On 2013-02-22, at 16:39, P Vixie <[email protected]> wrote: > >> I'd like to be able to implement this with a standard authority server, no >> special code, just a root zone that's empty other than its apex. So please >> no requirements for the soa other than that it be at or above the qname. >> >> Paul >> >> Warren Kumari <[email protected]> wrote: >> >> On Feb 22, 2013, at 6:57 AM, Paul Vixie <[email protected]> wrote: >> >> >> if we can't return nxdomain, then i'm opposed to the omniscient spec, >> >> and we should continue as before, enumerating on the responding servers >> every zone to which we wish to delegate. >> >> >> If the WG consensus is NXDOMAIN, we can do that. *We* felt that NOERROR was >> more appropriate, but 'its entirely possible we are wrong. >> >> >> W >> >> (If folk feel sufficiently strongly we *could* even strip a label off, so >> that the synthesized SOA is not the same as the NXD. *This* feel really >> hacks, but putting it out there...) >> >> noerror/nodata is the wrong answer. >> >> >> DNSOP mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/dnsop >> >> >> >> -- >> "I think perhaps the most important problem is that we are trying to >> understand the fundamental workings of the universe via a language devised >> for telling one another when the best fruit is." --Terry Prachett >> >> >> >> >> DNSOP mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/dnsop >> >> -- >> Sent from my Android phone with K-9 Mail. Please excuse my brevity. > > -- > Sent from my Android phone with K-9 Mail. Please excuse my brevity. -- Do not meddle in the affairs of wizards, for they are subtle and quick to anger. -- J.R.R. Tolkien _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
