BIND 9.9.0 is now available
Phil Mayers
p.mayers at imperial.ac.uk
Fri Mar 2 11:33:17 UTC 2012
On 02/03/12 10:13, Matus UHLAR - fantomas wrote:
> On 29.02.12 17:53, Michael McNally wrote:
>> NXDOMAIN redirection is now possible. This enables a resolver
>> to respond to a client with locally-configured information
>> when a query would otherwise have gotten an answer of "no
>> such domain". This allows a recursive nameserver to provide
>> alternate suggestions for misspelled domain names. Note that
>> names that are in DNSSEC-signed domains are exempted from
>> this when validation is in use. [RT #23146]
>
> just by signing? so I can spare all our domains from being misused by
> such shit just by signing them?
>
For the "bind" implementation, yes.
For the zillions of other crappy DNS servers and providers that to
NXDOMAIN redirection, probably not.
(If the *clients* did DNSSEC-checking, then yes)
More information about the bind-users
mailing list