Re: CNAME at apex, was Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

2018-03-13 Thread Tony Finch
Mark Andrews wrote: > While it will speed up things slightly it won’t avoid the issue as TTLs > vary. Oh, duh, I should have thought of that. Thanks for pointing it out :-) Tony. -- f.anthony.n.finchhttp://dotat.at/ - I xn--zr8h punycode Fisher, German Bight: Variable, becoming southeast

Re: CNAME at apex, was Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

2018-03-10 Thread Mark Andrews
While it will speed up things slightly it won’t avoid the issue as TTLs vary. -- Mark Andrews > On 11 Mar 2018, at 05:30, Tony Finch wrote: > > Evan Hunt wrote: >> >> In 9.12.1 and the other upcoming maintenance releases, we've just reverted >> the change to validator.c that caused the prob

Re: CNAME at apex, was Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

2018-03-10 Thread Evan Hunt
On Sat, Mar 10, 2018 at 06:30:41PM +, Tony Finch wrote: > I have said this already so I'm at risk of being a bore, but it would be > super cool if BIND could make use of the DS records (or PNEs) it gets in > referrals, instead of re-fetching them during validation. It should > provide a nice sp

Re: CNAME at apex, was Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

2018-03-10 Thread Tony Finch
Evan Hunt wrote: > > In 9.12.1 and the other upcoming maintenance releases, we've just reverted > the change to validator.c that caused the problems. (That turns out to have > the exact same effect as your patch does.) Great, that will please my user, and I can use NTAs to work around the problem

Re: CNAME at apex, was Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

2018-03-10 Thread Matthew Pounsett
On 10 March 2018 at 04:08, Matus UHLAR - fantomas wrote: > Cathy Almond wrote: >> >>> The rs.dns-oarc.net zone is broken because it returns a CNAME for >>> queries at the apex. >>> >> > On 09.03.18 15:23, Tony Finch wrote: > >> I just got a problem report from a user who has a few personal domai

Re: CNAME at apex, was Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

2018-03-10 Thread Matus UHLAR - fantomas
Cathy Almond wrote: The rs.dns-oarc.net zone is broken because it returns a CNAME for queries at the apex. On 09.03.18 15:23, Tony Finch wrote: I just got a problem report from a user who has a few personal domains with CNAME at apex that used to work (or at least appeared to work) but no lon

Re: CNAME at apex, was Re: Issue running "dig txt rs.dns-oarc.net" on 9.12

2018-03-09 Thread Evan Hunt
On Fri, Mar 09, 2018 at 03:23:33PM +, Tony Finch wrote: > Alternatively, maybe the patch below is OK? (Based on Nick @ NNEX's > observation.) My idea is that if we have been chasing a CNAME (so are at > risk of deadlock) but we are looking for a DS (so we will query the > parent) we can go ahea