Extended DNS Errors proposal
Tony Finch
dot at dotat.at
Mon Mar 18 11:44:19 UTC 2019
Stephane Bortzmeyer via Unbound-users <unbound-users at nlnetlabs.nl> wrote:
> Nick via Unbound-users <unbound-users at nlnetlabs.nl> wrote:
>
> > Recently I have been looking for ways to determine/differentiate
> > (from the DNS client) SERVFAIL & SERVFAIL due to DNSSEC errors.
>
> Indeed, this is a big problem, and a serious issue for the DNS in
> general, and for DNSSEC specially.
Yes.
You can distinguish between something DNSSEC and something else if you
re-query with CD=1 (e.g. `dig +cd`), but that still leaves a lot to be
desired.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Dogger: Northwest 5 or 6, becoming variable 3 or 4. Rough or very rough,
becoming moderate. Fair. Good.
More information about the Unbound-users
mailing list