9.18 BIND not iterated over all authoritative nameservers
Rainer Duffner
rainer at ultra-secure.de
Mon Oct 30 16:16:38 UTC 2023
> Am 30.10.2023 um 16:59 schrieb Michael Martinell via bind-users <bind-users at lists.isc.org>:
>
> Thanks to all who responded. Putting qname-minimization disabled; in named.conf resolves the issue in my testing.
>
> I did try specifying relaxed (which appears to be the default), but that didn’t work either.
>
> I agree it would be great if the far ends would make sure what they publish is correct, but it will take a large company to push them to do so.
>
I usually tell people that the other side needs to fix their stuff.
Mostly happens when people fubar their DNSSEC setup.
But this name server stuff (more often then not, it’s some Load-Balancer acting as a DNS-server)
In both cases: I usually ask them if they can be absolutely sure if the other side hasn’t been hacked?
You don’t go and try to override broken SSL certificate setups with HSTS, do you?
That said, I’m still on 9.16, too.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20231030/f234fcb2/attachment.htm>
More information about the bind-users
mailing list