New to Bind: Need Catch-All for domain parking

Mark Andrews Mark_Andrews at isc.org
Wed Nov 23 02:53:09 UTC 2005


> Hmmm, that's an interesting wrinkle, that didn't occur to me. RFC 2308 
> (i.e. you :-) says that the SOA of "the zone" must be returned as a 
> negative caching record, where from context we infer that "the zone" 
> refers to whatever zone the responding server is authoritative for. In 
> this case, the server is authoritative for the root zone, albeit not 
> publicly known as such. So, according to what letter-of-the-law would 
> a cache reject the negative caching record? I mean, does the owner of an 
> SOA RR, when it's really *not* an SOA RR -- it's a negative caching 
> record masquerading as an SOA RR -- really matter, functionally? It's 
> not like there can be multiple negative caching records: if that were 
> possible, I could see that it might be necessary to use the owner names 
> to differentiate them.
> 
> Or is this more of a Best Practice kind of thing, i.e. to reject things 
> that look unusual and/or suspicious, in the name of safety and/or security?
> 
> - Kevin

	It's an indication that something is misconfigured.
	Unfortunately history has shown that accepting badness like
	this just leads to problems in the future.

	Basically the OP wants to be lazy.  That laziness will
	cause problems for many people.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
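
The owner-name question raised in this thread, as an added example that is not part of the original message and is not BIND's code: a sketch of the bailiwick test a cache could apply to the SOA in a negative response. The function names, the two rules as written here, and the `.test` names are assumptions made for illustration.

```python
def labels(name: str) -> list[str]:
    """Split a domain name into lowercase labels; the root "." is the empty list."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []


def is_at_or_below(name: str, zone: str) -> bool:
    """True if `name` equals `zone` or is a subdomain of it."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def check_negative_soa(qname: str, delegated_zone: str, soa_owner: str):
    """Decide whether the SOA of a negative answer is usable for caching.

    delegated_zone is the zone the cache followed a delegation for when it
    chose this server (assumed to be known to the caller).
    Returns (accept, reason).
    """
    # Rule 1: the SOA must belong to the zone the server was delegated,
    # or to a zone below it. A server answering as a private root returns
    # an SOA owned by ".", which lies above every delegated zone.
    if not is_at_or_below(soa_owner, delegated_zone):
        return False, "SOA owner outside delegated zone"
    # Rule 2: the SOA's zone must enclose the name that was asked about.
    if not is_at_or_below(qname, soa_owner):
        return False, "SOA owner does not enclose query name"
    return True, "ok"


# Constructed sample cases: (qname, delegated zone, SOA owner in the response)
CASES = [
    ("www.parked-example.test.", "parked-example.test.", "."),
    ("www.parked-example.test.", "parked-example.test.", "parked-example.test."),
    ("www.parked-example.test.", "parked-example.test.", "sub.parked-example.test."),
]

if __name__ == "__main__":
    for qname, zone, owner in CASES:
        print(qname, owner, check_negative_soa(qname, zone, owner))
```

The first case is the catch-all root zone setup discussed above: the SOA is owned by the root, so it fails rule 1 and the negative answer is not cached under that SOA.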


