> I'm sorry, I was thinking about delegation-only option and somehow I was > convinced it's the auth-nxdomain. > > http://www.isc.org/software/bind/delegation-only > > Again sorry for confusion, my overworked mind plays tricks with me:-(
Ah, it all makes sense! (And neither of us are completely crazy.) Yes, that feature *does* address the issue, and in a much better manner. For anybody reading this in the BTS, bind9 lets you say "this domain's top-level servers should ONLY contain delegations (NS & SOA records) to child name servers. Any other information is a contemptible lie which should be ignored." There's also an option to enable it for ALL top-level domains, with an exception list for a few (minor national domains) which actually do return data directly. That avoids the "dickheads" patch's problem of keeping an IP address list up to date. So yes, the problem is fixed and the bug can be closed. Thanks for your help! -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
