On Tue, May 29, 2018 at 11:52:23AM -0400, John Levine wrote:
> >You mean, when a server that is not authoritative for anything
> >nevertheless gets a query with RD==0?  I think that's fine.  How else
> >do you debug a cache?
> I'm guessing that it's intended to mean return the answer if you
> already have it.  If so, we should document that.  I see that unbound
> makes it an option but normally refuses any RD=0 queries.

When you're doing support and someone is having a problem, one good
thing to do is dig @targetresolver +norec to see what it gives you,
yes.  A difference between that and what you get at the authoritative
server is often the explanation for the trouble.  (One fun example: an
ISP on the wrong end of a slow pipe in a certain country was doing
unauthorized zone transfers for a TLD's zone.  When TSIG became
required for the zone transfers, their transfers were suddenly
failing.  Instead of fixing it or alerting anyone, they just kept
restarting BIND to use the old zone.  It took quite a lot of effort to
sort that out, and determining how caches were getting so much bad
data in them was a key to figuring it out.)

Best regards,


Andrew Sullivan
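The support check described above (a non-recursive `dig` at the resolver, compared with what the authoritative server says) can be scripted so the two answer sections are normalized and diffed mechanically. The following is an added example, not code from the thread or from any of the posters; the hostnames `resolver.example` and `ns1.example.com` are placeholders, the helper names `answer_rrs` and `compare_answers` are this example's own, and the two embedded `dig` outputs are constructed so the script runs offline. TTLs are dropped before comparison because a cache decrements them and they would always differ.

```shell
#!/bin/sh
# Added example (not from the thread): compare the answer a resolver gives
# to "dig @resolver +norec" with the answer from an authoritative server.

# answer_rrs: read dig output on stdin, keep only ANSWER SECTION records,
# drop the TTL column (caches count it down, so it always differs), sort.
answer_rrs() {
    awk '
        /^;; ANSWER SECTION:/ { in_ans = 1; next }
        /^$/ || /^;;/         { in_ans = 0 }
        in_ans && NF >= 5 {
            # fields: owner TTL class type rdata... -> owner class type rdata
            out = $1 " " $3 " " $4
            for (i = 5; i <= NF; i++) out = out " " $i
            print out
        }
    ' | sort
}

# compare_answers RESOLVER_OUTPUT_FILE AUTH_OUTPUT_FILE
# Prints the normalized records when they differ; exit 0 if identical, else 1.
compare_answers() {
    r=$(answer_rrs < "$1")
    a=$(answer_rrs < "$2")
    if [ "$r" = "$a" ]; then
        echo "cache matches authoritative data"
        return 0
    fi
    echo "MISMATCH: cache (<) vs authoritative (>)"
    printf '%s\n' "$r" | sed 's/^/< /'
    printf '%s\n' "$a" | sed 's/^/> /'
    return 1
}

# Live use (needs network; hostnames are placeholders, not real servers):
#   dig @resolver.example +norec www.example.com A > /tmp/cache.txt
#   dig @ns1.example.com  +norec www.example.com A > /tmp/auth.txt
#   compare_answers /tmp/cache.txt /tmp/auth.txt

# Constructed sample outputs so the script runs offline: the cache still
# serves an old address (192.0.2.10) while the zone now says 192.0.2.20.
CACHE_OUT=$(mktemp); AUTH_OUT=$(mktemp)
cat > "$CACHE_OUT" <<'EOF'
;; ANSWER SECTION:
www.example.com.	3412	IN	A	192.0.2.10

;; Query time: 1 msec
EOF
cat > "$AUTH_OUT" <<'EOF'
;; ANSWER SECTION:
www.example.com.	3600	IN	A	192.0.2.20

;; Query time: 20 msec
EOF
compare_answers "$CACHE_OUT" "$AUTH_OUT" || true
rm -f "$CACHE_OUT" "$AUTH_OUT"
```

On the sample data the script reports a mismatch, which is exactly the signal the post describes: the resolver is answering from stale or wrong data rather than from what the zone's authoritative servers currently publish. Sorting the records makes the comparison insensitive to RRset ordering, which resolvers are free to rotate.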

DNSOP mailing list