On Mon, Sep 1, 2014 at 9:37 AM, Maciej Soltysiak <[email protected]> wrote: > When deploying my own set of refused zones I opted for REFUSED rcode > because that's actually more informative and to the fact. > I'm not lying the domain doesn't exist, I'm saying I am refusing to > answer this question.
Same here. > I guess it must be very very rare that applications make a distinction > between REFUSED and NXDOMAIN. I'm not aware of any cases off hand. > That goes even lower down the IP stack. I rarely DROP packets. I > mostly send ICMP Admin prohibited. Especially for UDP traffic. I try to use a good working mix, and do answer ping requests. I think the whole "stealth" stance is not net friendly. Chris _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
