> I'm fairly sure they would say that behavior is extremely broken. It is so broken that I doubt it's actuallly happening other than in obscure corner cases involving ancient hardware with a thick layer of dust.
Some universities' resolvers return NOERROR instead of NXDOMAIN (samba4 server used as AD, and resolvers) On others, you must wait for ~30s a SERVFAIL instead of NXDOMAIN. (I don't have the spec) And of course, all UDP packet port 53 with a different address destination than the official resolvers' IP are dropped Olivier De: "John R Levine" <jo...@taugh.com> À: "dmarc" <dmarc@ietf.org> Cc: "Murray S. Kucherawy" <superu...@gmail.com> Envoyé: Vendredi 15 Mars 2024 02:45:01 Objet: Re: [dmarc-ietf] Problem with multiple policies, different alignment It appears that Murray S. Kucherawy <superu...@gmail.com> said: >It's alarming to hear that NXDOMAIN replies are never issued or (perhaps >more likely) are dropped by some software or firewalls. It completely >prevents any benefits of negative caching. I wonder what the DNS community >might have to say about this practice. I'm fairly sure they would say that behavior is extremely broken. It is so broken that I doubt it's actuallly happening other than in obscure corner cases involving ancient hardware with a thick layer of dust. I mean, if you don't get NXDOMAIN, every time you mistype a domain in a URL or an email address, your browser or mail server will just sit there indefinitely. Seems unlikely. R's, John _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc