On 4/19/25 05:01, Mark Andrews wrote:
I would insecurely “delegate”” internal back to the root servers. Delegating to “.” produces a broken configuration. If the traffic gets too big internal can be redirected to sacrificial servers as is done for RFC1918 reverses.
Off-list, Mark clarified that "broken configuration" means SERVFAIL here. While correct, this may be a legitimate result for a private question asked in a public context, and maybe even a desirable outcome (so clients notice their query leak more easily). Cheers, Peter -- https://desec.io/ _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
