How to allow recursion on my own (cross) domains only after upgrade to 9.16.27 (lack of additional-from-auth option) ?
Michael Richardson
mcr at sandelman.ca
Mon Apr 18 17:09:09 UTC 2022
Mark Andrews <marka at isc.org> wrote:
> Unless you are pointing recursive clients directly at your
> authoritative servers there is no need. The recursive servers will
> lookup the CNAME target themselves. Additionally recursive servers just
> process the CNAME and ignore the rest of the response to prevent cache
> poisoning if there is more there.
I think that implicit in Mark's answer is that the additional data that was
being returned was just wasted bytes, since it could never be trusted by
clients.... so why waste bytes. Thus the change?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 511 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20220418/ad194a25/attachment.sig>
More information about the bind-users
mailing list