Am 2022-12-30 11:21, schrieb Benoît Panizzon via swinog:
Hi Markus
the name server from swizzonic is not supposed to provide you with a
answer to all the queries.
I guess if I point to our recursive validating caching NS and it does
not possess this data in it's cache, it will start by following from
the root by asking for _.numberportability.ch to avoid revealing which
host it is exactly looking for until it reaches the authoritative DNS
for that zone and then ask this one directly for the desired RR.
I guess this is where something is breaking the chain.
I also don't see why the swizzonic DNS which is the authoritative
primary should not answer to all queries.
If I want to or need to ask the (supposedly) authoritative server(s)
about a domain, I add +norecurs.
I believe, if you disable recursive queries on the authoritative-server,
it will not answer them, even if it technically could.
Does DNSSEC change that?
_______________________________________________
swinog mailing list -- swinog@lists.swinog.ch
To unsubscribe send an email to swinog-le...@lists.swinog.ch