[nsd-users] REFUSED vs SERVFAIL
Anand Buddhdev
anandb at ripe.net
Sun Jan 19 10:21:38 UTC 2014
Hi NSD developers and users,
I've noticed a difference in response behaviour between NSD, and Knot
and BIND, for queries for zones not configured.
If I query either BIND or Knot for a zone that is not configured at all,
they give me REFUSED. However, if they are configured for a zone, but it
has not loaded for some reason (failure to parse, expired, etc), then
they give me SERVFAIL for that zone.
On the other hand, NSD gives me SERVFAIL for a zone that is not even
configured. It also gives SERVFAIL if the zone did not load properly.
To me, BIND and Knot's responses seem more logical. They distinguish
between the cases where a zone has simply not been configured, versus
the case where the zone has gone bad for some reason. With NSD, one
can't tell. Is there a reason NSD returns SERVFAIL for unconfigured zones?
Anand
More information about the nsd-users
mailing list