Our draft references and repeats RFC 8020, which asserts that "when a DNS resolver receives a response with a response code of NXDOMAIN, it means that the domain name which is thus denied AND ALL THE NAMES UNDER IT do not exist."
My testing indicates that this is not correct. NXDOMAIN means that no resource records exist for the specified domain name. The domain may contain subdomain nodes which may contain resource records. My testing performed on Windows. Can someone else test this and report your results? DF
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
