Maren,
On 26. 2. 2014, at 10:05, Maren S. Leizaola <leizaola(a)hk.com> wrote:
> Johan,
> I know bind may be wrong, but they are the main dns server out there. I do not
> wish to use bind as you have a much better server but I would like Knot to behave like
> bind when it comes to Glue records. The day bind stops delivering the Glue records we can
> turn it off. I am averse to risk in this situation and I prefer to follow the herd.
> I am not asking you to change how the default Knot works. Would it be possible that you
> give an option which you can highly discourage people from using, which allows copying
> bind's behavior?
I am sorry, but what you are really asking is to add an option to add useless records into
the response just for cosmetic reasons, since those records won't be used by any
resolver out there. Well, unless the resolver is really outdated and thus wrong, insecure
and susceptible to poisoning attacks.
We (as the CZ.NIC team behind) would be willing to modify the Knot DNS behaviour if we had
a clear case when the default behaviour causes real operational problems. And we are not
aware of such a scenario, because even the really old and outdated resolvers are able to
cope with the response and request the IP addresses of the resolvers.
I am sorry to turn you down like this, but we would like to make decisions based on the
DNS protocol operations and not based on what the (k)dig output looks like. And we are
quite sure that we got this right.
Ondrej
--
Ondřej Surý -- Chief Science Officer
-------------------------------------------
CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
Americka 23, 120 00 Praha 2, Czech Republic
mailto:ondrej.sury@nic.cz
http://nic.cz/
tel:+420.222745110 fax:+420.222745112
-------------------------------------------
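
An added example, not part of the original message and not Knot DNS or BIND code: the bailiwick check a resolver can apply to address records in the additional section, showing which ones it may use and which name-server names it looks up itself. It assumes the records under discussion are addresses for name servers outside the answering zone; the zone, names, addresses and function names are constructed for illustration.

```python
from typing import NamedTuple

class RR(NamedTuple):
    owner: str
    rtype: str
    rdata: str

def labels(name):
    """Split a domain name into lowercase labels, ignoring the trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_bailiwick(owner, zone):
    """True if owner is the zone apex or below it, compared label by label."""
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def filter_additional(zone, ns_targets, additional):
    """Split additional-section records into (accepted, rejected, needs_lookup).

    A record is accepted only if it is an A/AAAA record, its owner is one of
    the NS targets, and that owner lies inside the answering zone.
    needs_lookup lists NS targets the resolver must resolve with its own query.
    """
    wanted = {".".join(labels(t)) for t in ns_targets}
    accepted, rejected = [], []
    for rr in additional:
        owner = ".".join(labels(rr.owner))
        ok = (rr.rtype in ("A", "AAAA") and owner in wanted
              and in_bailiwick(owner, zone))
        (accepted if ok else rejected).append(rr)
    have = {".".join(labels(rr.owner)) for rr in accepted}
    needs_lookup = sorted(wanted - have)
    return accepted, rejected, needs_lookup

# Constructed response for the zone example.com (documentation address ranges).
ZONE = "example.com."
NS_TARGETS = ["ns1.example.com.", "ns2.example.net.", "ns.notexample.com."]
ADDITIONAL = [
    RR("ns1.example.com.", "A", "192.0.2.1"),       # in bailiwick: usable
    RR("ns2.example.net.", "A", "198.51.100.7"),    # other zone: not trusted
    RR("ns.notexample.com.", "A", "198.51.100.8"),  # suffix match only as a string
    RR("www.example.org.", "A", "203.0.113.9"),     # not even an NS target
]

if __name__ == "__main__":
    acc, rej, todo = filter_additional(ZONE, NS_TARGETS, ADDITIONAL)
    print("accepted:", [r.owner for r in acc])
    print("rejected:", [r.owner for r in rej])
    print("resolve separately:", todo)
```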