On Fri, 7 Feb 2003, Brad Knowles wrote:
At 6:42 PM +0100 2003/02/06, Stefan Paletta wrote:
I understand that nsd (as most non-BIND servers) returns SERVFAIL for questions for which it it does have neither authoritative nor non- authoritative data (i.e. it is lame) and that this behaviour is RFC- conformant and certainly best-practice for authoritative-only servers.
Best practice? No, I would disagree most vehemently on that. If nsd is doing this, then I believe it needs to be fixed. Handing out a referral to the root zone is no more work than handing out SERVFAIL.
nsd could be configured to either hand out a referral or send SERVFAIL. bind9 will reply with REFUSED if the hints file is missing and it is configured to be authoritative only. jakob