Configuration advice for a post-8020 world
Woodworth, John R
John.Woodworth at CenturyLink.com
Mon Feb 13 16:39:48 UTC 2017
> -----Original Message-----
> From: Mark Andrews [mailto:marka at isc.org]
>
> Named does not check that a parent zone has NS records for a child
> zone on the same server. Always add delegating NS records.
>
> As for ENT returning NXDOMAIN. Early versions of the specifications
> of DNSSEC said there were no NAMES, rather than NAMES with RECORDS,
> between names in a DNSSEC sorted zone. This changed the behaviour
> of ENTs from NODATA to NXDOMAIN. Versions of named which supported
> this specification of DNSSEC return NXDOMAIN rather than NODATA for
> ENT.
>
> It took a while to get the IETF working group to update to
> specification to restore ENT.
>
Mark,
Good point on NS records and thanks for the background on this. Guess
it's always better to follow the spec rather than lean on a side effect
with fingers crossed :)
/John
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
>
-- THESE ARE THE DROIDS TO WHOM I REFER:
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.
More information about the bind-users
mailing list