On Jul 11, 2022, at 09:49, Jan Komissar (jkomissa) <jkomi...@cisco.com> wrote:

> I think a non-positive reply is any reply that is not directly related to the 
> DNS query itself. NOERROR and NXDOMAIN are (positive) responses that are 
> directly related, as they answer the query.

Oh, I agree with that. And a name error is cacheable which in this context 
surely illustrates that it does not represent a failure to send a query or 
receive a response.

> All other response codes are related to other circumstances, such as network 
> issues, ACLs, misconfigurations, and misformatted packets.

I suppose there's an element of this that depends on the intent and purpose of 
the query which is not necessarily evident. A query that is sent in order to 
test an ACL and elicits a REFUSED response might be positive, if your goal is 
to confirm that the query is blocked. I appreciate that's almost certainly not 
the intention from the perspective of unbound or its administrator. 


Joe