It appears that Stephane Bortzmeyer <[email protected]> said: >[localhost. nobody.invalid. 1 3600 1200 604800 10800] : 59 occurrences
That's what Unbound returns. Comments in the config file say that it by default returns an empty stub for a bunch of names like .test and .invalid so the queries aren't set upstream. You can use config options to drop the query or return NXDOMAIN or REFUSED. This seems somewhere between a good idea and wrong. R's, John $ dig invalid. a +dnssec ; <<>> DiG 9.10.6 <<>> invalid. a +dnssec ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18329 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 1232 ;; QUESTION SECTION: ;invalid. IN A ;; AUTHORITY SECTION: invalid. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800 _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
