On 26.1.2018 18:00, Jaap Akkerhuis wrote: > Petr Špaček writes: > > > <SNIP> > > > > An example: RFC 4033 clearly states what should be done if result of > > validation is "Bogus". Nonetheless, Unbound has "val-permissive-mode: > > yes" which enables admin to pass bogus answers. > > > Note that the default setting is "val-permissive-mode: no". It is > just a knob for all those people who want to shoot themselves in > the foot.
Thank you, that's exactly my point. The doc says what is the right thing to do in vast majority of cases (SERVFAIL for Bogus, NXDOMAIN for localhost.) and those who know what they are doing will use knobs to do whatever thay want. As usual. In other words, please do not delay documents indefinitelly just because they do not cover all conceivable use-cases. Weird stuff happens on networks, and that's why we have all the knobs. -- Petr Špaček @ CZ.NIC _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop