[Dnsmasq-discuss] Bug forward upstream SERVFAIL

Kurt H Maier khm at sciops.net
Mon Jan 23 06:57:22 GMT 2017


On Sun, Jan 22, 2017 at 07:31:35PM -0800, Dave Taht wrote:
> From a brief conversation with the bind9 maintainer:

BIND is far from being a normative DNS reference, and I certainly do
not believe that "BIND does it" is a good reason for anything.  Quite
the contrary.

However, this discussion has been happening for a while now; last thing
Simon Kelley said about it was that SERVFAIL in a DNSSEC context meant
that the upstream server cannot validate the record's chain of trust --
meaning that this particular SERVFAIL is not recoverable.  In that case
you don't want to waste time spamming other resolvers just to get the
same failure.

Where are you getting SERVFAIL in this case?  Is it a DNSSEC failure?

khm



More information about the Dnsmasq-discuss mailing list