queries for just a few domains fail (NXDOMAIN) for a bind 9.18 non-forwarding config ; forwarding does fix it. problem with 'my' config, or 'their' DNS ?
Mark Andrews
marka at isc.org
Wed Oct 26 00:19:57 UTC 2022
> On 26 Oct 2022, at 11:12, PGNet Dev <pgnet.dev at gmail.com> wrote:
>
> hi,
>
>> AWS are returning NXDOMAIN instead of NOERROR for empty non terminals. Do you have strict
>> qname minimisation turned on?
>
> yup, i do
>
> ...
> qname-minimization strict;
> ...
>
> only because i understood my reads of
>
> BIND to Add QNAME Minimization
> https://www.isc.org/blogs/bind-to-add-qname-minimization/
>
> &
>
> QNAME Minimization and Your Privacy
> https://www.isc.org/blogs/qname-minimization-and-privacy/
>
> to suggest that it's a GoodIdea(tm).
QNAME minimisation is a good idea. It comes in two flavours, relaxed
and strict. Relaxed tries to cope with some breakages like NXDOMAIN
being returned from ENTs. Strict doesn’t.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
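The difference between the two modes described in the reply above, as an added example that is not part of the original message and is not BIND code: a constructed one-zone model in which the authoritative side can be told to answer NXDOMAIN for empty non-terminals. The zone, record and function names are hypothetical, and the relaxed fallback is modelled simply as retrying with the full query name.

```python
# Constructed model, not BIND code: one authoritative zone "example." holding a
# single record, so "b.example." and "a.b.example." are empty non-terminals (ENTs).
RECORDS = {"www.a.b.example.": "192.0.2.10"}   # constructed sample data
ZONE = "example."

def is_ent(name):
    """True if name owns no records but some existing name lies beneath it."""
    return name not in RECORDS and any(r.endswith("." + name) for r in RECORDS)

def authoritative(name, ent_bug):
    """Return (rcode, answer). ent_bug=True mimics NXDOMAIN on ENTs."""
    if name in RECORDS:
        return "NOERROR", RECORDS[name]
    if is_ent(name) and not ent_bug:
        return "NOERROR", None          # correct NODATA response for an ENT
    return "NXDOMAIN", None

def minimised_names(qname, zone):
    """Names a minimising resolver asks for, one extra label at a time."""
    extra = qname[: -len(zone)].rstrip(".").split(".")
    return [".".join(extra[i:]) + "." + zone for i in range(len(extra) - 1, -1, -1)]

def resolve(qname, mode, ent_bug):
    """mode is 'strict' or 'relaxed'; returns (rcode, answer, queries_sent)."""
    sent = []
    for name in minimised_names(qname, ZONE):
        sent.append(name)
        rcode, answer = authoritative(name, ent_bug)
        if rcode == "NXDOMAIN" and name != qname:
            if mode == "strict":
                return rcode, None, sent     # trust NXDOMAIN: nothing below exists
            sent.append(qname)               # relaxed: retry with the full name
            return (*authoritative(qname, ent_bug), sent)
        if name == qname:
            return rcode, answer, sent

if __name__ == "__main__":
    for mode in ("strict", "relaxed"):
        for bug in (False, True):
            print(mode, "ent_bug=%s" % bug, resolve("www.a.b.example.", mode, bug))
```

The third element of each result lists the names sent to the authoritative server, which shows that the relaxed fallback recovers the answer by disclosing the full query name to that server.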