Configuration advice for a post-8020 world
Mark Andrews
marka at isc.org
Mon Feb 13 03:29:15 UTC 2017
Named does not check that a parent zone has NS records for a child
zone on the same server. Always add delegating NS records.
As for ENT returning NXDOMAIN. Early versions of the specifications
of DNSSEC said there were no NAMES, rather than NAMES with RECORDS,
between names in a DNSSEC sorted zone. This changed the behaviour
of ENTs from NODATA to NXDOMAIN. Versions of named which supported
this specification of DNSSEC return NXDOMAIN rather than NODATA for
ENT.
It took a while to get the IETF working group to update to specification
to restore ENT.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list