DNSSEC signing of an internal zone gains nothing (unless??)
Peter
pmc at citylink.dinoex.sub.org
Wed Aug 3 10:56:25 UTC 2022
On Wed, Aug 03, 2022 at 04:49:35PM +1000, Mark Andrews wrote:
! Additionally authoritative servers for a zone are supposed to answer queries with RD=1 set with RA=0 if the client is not being offered recursion. REFUSED is the wrong answer of the query name involves zones you serve. Only if you are a recursive only server should you be considering REFUSED.
I am seeing queries for example.com (literally). I didn't talk about
people querying my own domains. Those seem to get their answer, plus
"recursion desired but ..."
-- PMc
More information about the bind-users
mailing list