Slavko via mailop <mailop@mailop.org> (Mo 27 Mär 2023 14:37:54 CEST):
> That problem is more visible with DNSSEC and
> DNS "nothing under" (sorry I don't remember exact
> name nor RFC). The result is, that when _domainkey
> returns NXDOMAIN, anything under it is considered
> as NXDOMAIN too...

If the DNS name xxx._domainkey.example.com exists, then
_domainkey.example.com exists too. It doesn't have any data (no TXT, A,
AAAA, … record). But asking for _domainkey.example.com must not return
NXDOMAIN then.

Compare the output (stripped by me)

dig _domainkey.amazon.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38009
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

dig _domainkey.example.com
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44893
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

Zero answers in both cases, but the statuses differ. That's the key point,
from *my* PoV.

Simple clients will report "not found / not existing" in both cases.
So from that point there's no difference.


    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
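
The distinction drawn in this message, as an added example that is not part of the original mail: a Python sketch that reads the status and answer count from a DNS response header and separates NODATA (NOERROR with zero answers, the empty non-terminal case) from NXDOMAIN. The responses are constructed inline to mirror the two dig headers above (no live lookup), and all function names are hypothetical.

```python
import struct

def build_response(qname, rcode, txt=None):
    """Constructed DNS response for a TXT query (sample data, not a live lookup)."""
    flags = 0x8180 | rcode                      # qr rd ra, as in the dig headers
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 1 if txt else 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    msg = header + labels + b"\x00" + struct.pack("!HH", 16, 1)   # QTYPE=TXT, QCLASS=IN
    if txt:                                     # one TXT RR; owner is a pointer to offset 12
        rdata = bytes([len(txt)]) + txt
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata
    return msg

def classify(wire):
    """Return 'ANSWER', 'NODATA', 'NXDOMAIN' or 'ERROR' from the header alone."""
    if len(wire) < 12:
        raise ValueError("short DNS message")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", wire[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    rcode = flags & 0x000F
    if rcode == 3:
        return "NXDOMAIN"
    if rcode == 0:
        return "ANSWER" if ancount else "NODATA"
    return "ERROR"

def simple_client_found(wire):
    """What a simple client reports: only whether any record came back."""
    return classify(wire) == "ANSWER"

def subtree_may_exist(wire):
    """NXDOMAIN means nothing exists at or below the name (RFC 8020); NODATA does not."""
    kind = classify(wire)
    if kind == "ERROR":
        raise ValueError("no conclusion from an error response")
    return kind != "NXDOMAIN"

if __name__ == "__main__":
    for name, rcode in (("_domainkey.amazon.com", 0), ("_domainkey.example.com", 3)):
        wire = build_response(name, rcode)
        print(name, classify(wire), simple_client_found(wire), subtree_may_exist(wire))
```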
