Slavko via mailop <mailop@mailop.org> (Mo 27 Mär 2023 14:37:54 CEST): > That problem is more visible with DNSSEC and > DNS "nothing under" (sorry i don't remember exact > name nor RFC). The result is, that when _domainkey > returns NXDOMAIN, anything under it is considered > as NXDOMAIN too...
If the DNS name xxx._domainkey.example.com exists, then _domainkey.example.com exists too. It doesn't have any data (no TXT, A, AAA, … record). But asking for _domainkey.example.com must not return NXDOMAIN then. Compare the output (stripped by me) dig _domainkey.amazon.com ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38009 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 dig _domainkey.example.com ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44893 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 Zero answers in both cases, but the status' differ. That's the key point, from *my* PoV. Simple clients will report "not found / not existing" in both cases. So from that point that's no difference. Best regards from Dresden/Germany Viele Grüße aus Dresden Heiko Schlittermann -- SCHLITTERMANN.de ---------------------------- internet & unix support - Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} - gnupg encrypted messages are welcome --------------- key ID: F69376CE -
signature.asc
Description: PGP signature
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop