On 18/09/2024 15.02, Stephane Bortzmeyer wrote:
> It seems a bad idea to remove all the answers if there is even one
> RFC 1918 address in the set. (Unless maybe if it is signed.)

I'm not sure. The design choice at that point was to avoid modifying
any record sets and instead just "fail safely". Though maybe the main
reason was that it was simpler to implement in our case if it should
include avoiding this case of referrals to local IPs.
Either way, those delegations do seem in disarray. dig +trace also
complains with lines like
;; BAD (HORIZONTAL) REFERRAL
;; communications error to 10.52.192.140#53: network unreachable
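
The two policies discussed in this thread, side by side, as an added example that is not part of the original message and not any resolver's actual code. The function names are hypothetical, the 192.0.2.x addresses are constructed sample data, and 10.52.192.140 is the address from the dig output above.

```python
import ipaddress

# The three RFC 1918 private IPv4 ranges. Checked explicitly rather than with
# ipaddress.is_private, which also flags other special-purpose ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if addr is an IPv4 address inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def fail_safe(rrset):
    """All-or-nothing policy: one RFC 1918 address rejects the whole set.

    The record set is either passed through untouched or not used at all,
    so it is never modified.
    """
    return [] if any(is_rfc1918(a) for a in rrset) else list(rrset)


def filter_records(rrset):
    """Per-record policy: drop only the RFC 1918 addresses.

    This modifies the record set; an RRSIG covers the whole RRset, so a
    filtered set can no longer be checked against its signature.
    """
    return [a for a in rrset if not is_rfc1918(a)]


# Constructed sample sets: documentation addresses plus the one from the page.
MIXED = ["192.0.2.10", "10.52.192.140", "192.0.2.11"]
CLEAN = ["192.0.2.10", "192.0.2.11"]

if __name__ == "__main__":
    for name, rrset in (("mixed", MIXED), ("clean", CLEAN)):
        print(name, "fail_safe:", fail_safe(rrset),
              "filter_records:", filter_records(rrset))
```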