On 2021-05-12 23:30, Raymond Dijkxhoorn wrote:
It’s the authoritive nameserver giving that answer. With likely a view
or acl response. So adding dnssec would not make much of a difference
here.
so dnssec is brokken ?
auth dnsservers or not, problem is when other dns servers cache
possitive results imho, and continue keep it, while negative expires
fast, but dns servers should relly expire on soa changes no matter ttl
is not expired
i am still no expert, just trying to understand the problem
i hate to see qname minimalzion in bind9 turned on by default, while
there is no fix for this on rbldnsd
would rbldnsd update dlz in bind9 redis in someway, i know it could dump
dns data as bind9 zone, but it would be nice to see it update dlz zone
database, to atleast make qname problem go away
