return address for failed DNSSEC validation
Matus UHLAR - fantomas
uhlar at fantomas.sk
Thu Mar 11 08:29:43 UTC 2010
On 11.03.10 08:54, Gilles Massen wrote:
> Obviously there are parallels to NXDOMAIN rewriting. However, the major
> difference I see is that NXDOMAIN is a clear message, known by the OSs
> and applications, that has basically one meaning. SERVFAIL is more like
> 'didn't work. go figure.' And the good thing is that 'validation error
> rewriting' could be abandoned again if DNSSEC arrives at the
> OS/applications.
I believe that SERVFAIL rewriting would lead to the same kind of problems
NXDOMAIN rewriting leads to. Imho, simply DON'T.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.
More information about the bind-users
mailing list