Paul Vixie <[email protected]> wrote:
>
> um. "type forward" is a possible zone type in bind9. we do it when we
> deliver DNS RBL policy zones. i was not talking about the kind of
> forwarding used for recursive service.

Yes, I know that. "type forward" does not work if the server you are
forwarding to is authoritative-only and if the zone has delegations. The
resolver that is forwarding sends recursive queries and gets upset if the
authoritative server sends a referral. Type forward will mostly work for a
leaf zone (such as a DNSBL) though there might be problems if the zone
contains CNAME or DNAME records. That is why the sample configuration uses
type static-stub.

> i do not know the recommended behaviour if one of the servers for a zone
> is giving unsigned or wrongsigned answers. i do think that "servers for
> the zone" should be interpreted as "statically configured, if it's a
> type=forward zone in bind9". and i do think that the recommended
> behaviour is, "treat it as servfail, in other words, try the next server
> for the zone." my bet is, none of that is well specified and none of
> those recommendations are written down anywhere even if they represent
> consensus.

Hmm, I thought there was something saying that resolvers should try to
recover from failure, but I can't find it. Your description matches my
understanding of what happens in practice.

Tony.
-- 
f.anthony.n.finch <[email protected]> http://dotat.at/
West Southeast Iceland: Northeasterly 7 to severe gale 9. Rough or very
rough. Rain. Moderate or poor.
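
The two zone types contrasted in the message above, as an added named.conf fragment that is not part of the original thread and is not the sample configuration it refers to. The zone name and server address are constructed placeholders.

```conf
// Constructed example: example.org and 192.0.2.53 (documentation
// address range) are placeholders, not values from the thread.

// Fragile form, shown commented out. The resolver forwards recursive
// queries to 192.0.2.53. If that server is authoritative-only and the
// zone has delegations, it replies with a referral for names in a
// child zone, and the forwarding resolver does not treat a referral
// as a usable answer.
//
// zone "example.org" {
//     type forward;
//     forward only;
//     forwarders { 192.0.2.53; };
// };

// Form the message recommends. The listed address is used as the
// statically configured server for the zone, and the resolver works
// iteratively from there, so referrals to delegated child zones and
// CNAME/DNAME chains are followed by the resolver itself.
zone "example.org" {
    type static-stub;
    server-addresses { 192.0.2.53; };
};
```

Only one of the two zone statements can be active for a given name; `named-checkconf` will validate the file after the switch.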
