On Sun, Jan 22, 2017 at 07:31:35PM -0800, Dave Taht wrote: > From a brief conversation with the bind9 maintainer:
BIND is far from being a normative DNS reference, and I certainly do not believe that "BIND does it" is a good reason for anything. Quite the contrary. However, this discussion has been happening for a while now; last thing Simon Kelley said about it was that SERVFAIL in a DNSSEC context meant that the upstream server cannot validate the record's chain of trust -- meaning that this particular SERVFAIL is not recoverable. In that case you don't want to waste time spamming other resolvers just to get the same failure. Where are you getting SERVFAIL in this case? Is it a DNSSEC failure? khm _______________________________________________ Dnsmasq-discuss mailing list [email protected] http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
