On 08/20/2018 10:14 AM, Lee wrote:
On 8/19/18, Mark Andrews wrote:
nslookup applies the search list by default and doesn’t stop on a NODATA
response.
Some versions of nslookup have been modified by OS vendors to use /etc/hosts
for address lookups.
nslookup doesn’t display the entire response
On 08/20/2018 09:00 AM, Grant Taylor via bind-users wrote:
On 08/20/2018 05:23 AM, Tony Finch wrote:
If the local root zone gets corrupted somehow (maliciously or
otherwise) the usual setup cannot detect a problem, but it'll cause
DNSSEC validation failures downstream. The normal resolver /
Lee wrote:
>
> So... it seems like the bottom line is that dig is better but nslookup
> ain't all that bad
Be careful though, all bets are off if you find yourself using something
that claims to be nslookup but which isn't the BIND9 version.
Tony.
--
f.anthony.n.finchhttp://dotat.at/
North
On 8/19/18, Mark Andrews wrote:
> nslookup applies the search list by default and doesn’t stop on a NODATA
> response.
>
> Some versions of nslookup have been modified by OS vendors to use /etc/hosts
> for address lookups.
>
> nslookup doesn’t display the entire response by default.
I learned
On 08/20/2018 05:23 AM, Tony Finch wrote:
If the local root zone gets corrupted somehow (maliciously or otherwise)
the usual setup cannot detect a problem, but it'll cause DNSSEC validation
failures downstream. The normal resolver / validator algorithm is
more robust.
The new mirror zone
Doug Barton wrote:
>
> How, specifically, is DNSSEC affected by the validating resolver having a
> local copy of the root zone?
If the local root zone gets corrupted somehow (maliciously or otherwise)
the usual setup cannot detect a problem, but it'll cause DNSSEC validation
failures downstream.
6 matches
Mail list logo