> Tony Finch <mailto:[email protected]>
> Wednesday, November 12, 2014 7:30 AM
> Paul Vixie <[email protected]> wrote:
>> that's either an argument for listing multiple servers, the first being
>> on the loopback, the other(s) being real global root name servers;
>
> That would probably work.
>
>> or, instead of telling bind9 "forward only", tell it "forward first".
>
> That would not work: you can't forward to an authoritative server.

um. "type forward" is a possible zone type in bind9. we do it when we
deliver DNS RBL policy zones. i was not talking about the kind of
forwarding used for recursive service.

>> the other thread on this draft reached a similar end when considering
>> what happens when the zone times out. these are just different forms of
>> data-unavailability, which can *always* be forced.
>
> Right, but can you recover from data-unavailability without user
> intervention? What if the local copy of the zone is corrupted rather
> than just stale?

i do not know the recommended behaviour if one of the servers for a zone
is giving unsigned or wrongsigned answers. i do think that "servers for
the zone" should be interpreted as "statically configured, if it's a
type=forward zone in bind9". and i do think that the recommended
behaviour is, "treat it as servfail, in other words, try the next server
for the zone." my bet is, none of that is well specified and none of
those recommendations are written down anywhere even if they represent
consensus.

-- 
Paul Vixie
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
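An added configuration sketch, not part of the message above and not taken from BIND's own documentation, of the two mechanisms the exchange names: a bind9 `type forward` zone whose statically configured forwarders list a loopback copy of the root first and another server after it, combined with `forward first` rather than `forward only`. The addresses and the zone layout are placeholders chosen for illustration.

```conf
// named.conf fragment (added illustration; addresses are placeholders)
options {
    // this instance is the local recursive service
    recursion yes;
};

// A forward zone for the root: queries under "." go to the listed
// forwarders, in the order given, before anything else is tried.
zone "." {
    type forward;
    // "forward first": if no forwarder answers, fall back to ordinary
    // iterative resolution from the root hints.
    // "forward only" would never fall back.
    forward first;
    forwarders {
        127.0.0.1;   // placeholder: local copy of the root zone on loopback
        192.0.2.1;   // placeholder: a second, externally reachable server
    };
};
```

The list order and the fallback are what the thread is about: `forward first` covers a forwarder that does not respond at all, but a forwarder that responds with unsigned or wrongly signed data is a different failure, and the message above says that treating that like SERVFAIL and moving on to the next server is a recommendation rather than specified behaviour.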
