[Pdns-users] DKIM NXDOMAIN

Gert van Dijk gertvdijk+pdns-users at gmail.com
Mon Apr 15 11:40:40 UTC 2019


On Mon, Apr 15, 2019 at 1:17 PM Bart Mortelmans <powerdns at bart.bim.be>
wrote:

> It seems like this doesn't cause any problems in the real world, only in a
> test like the one on internet.nl. But as far as I can tell, it's not okay
> with RFC8020.
>

Very interesting read, thanks. I was looking for such a rule in other RFCs
while writing a reply to Steffan, but it appears to be in a separate RFC on
its own. :-)
The important take from that RFC seems to be:

> Since the domain names are organized in
> a tree, it is a simple consequence of the tree structure:
> nonexistence of a node implies nonexistence of the entire subtree
> rooted at this node.

FWIW, PowerDNS is not stating to be compliant with that RFC. [1] :-(
However, it is mentioned on the Hello DNS explanatory pages. [2]

[1]: https://www.powerdns.com/compliance.html
[2]: https://powerdns.org/hello-dns/basic.md.html#that'sitforbasicdns!/furtherreading/rfc8020:nxdomain:therereallyisnothingunderneath


> And I tested some other nameservers (Google cloud DNS, Dyn.com and Yadifa
> happened to be easy to test for me) and I can confirm that they all do
> return "NOERROR" instead of "NXDOMAIN" if a sub-host exists.
>
> The situation still seems to be the same in the upcoming PowerDNS 4.2 with
> MySQL backend (I didn't test other backends)
>

I'm running PowerDNS Authoritative 4.2.0-rc1 with the BIND Backend and it
responds as it should, without having any RR on name '_domainkey' for the
zone! The domain passes the test just fine.
Perhaps this is specific to the backend?


> The only solution to this "problem" (or to get through the test...) I have
> found was to create any other record type on _domainkey (obviously not
> CNAME or NS, but any other record type should be okay).
>

Hmm, meh.

@Steffan: What version of PowerDNS & backend are you using?

HTH
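
The behaviour discussed in this thread, as an added example that is not part of the original message or of PowerDNS: a name with no records of its own but with names beneath it (here `_domainkey`, an empty non-terminal) has to be answered with NOERROR and an empty answer, because under RFC 8020 an NXDOMAIN denies the whole subtree. The zone contents, the `sel1` selector and the observed responses are constructed; queries are assumed to fall inside the zone, and wildcards, delegations and CNAMEs are not modelled.

```python
def labels(name):
    """Lower-cased labels of a domain name, trailing dot ignored."""
    return name.rstrip(".").lower().split(".")

def is_at_or_below(name, ancestor):
    """True when `name` equals `ancestor` or lies in the subtree under it."""
    n, a = labels(name), labels(ancestor)
    return len(n) >= len(a) and n[len(n) - len(a):] == a

def classify(qname, qtype, records):
    """Expected (rcode, reason) for a query, given (owner, rrtype) pairs of one zone."""
    owners = {}
    for owner, rrtype in records:
        owners.setdefault(".".join(labels(owner)), set()).add(rrtype.upper())
    q = ".".join(labels(qname))
    if q in owners:
        return ("NOERROR", "answer" if qtype.upper() in owners[q] else "nodata")
    # No records at q itself, but something exists underneath: empty non-terminal.
    if any(is_at_or_below(o, q) for o in owners):
        return ("NOERROR", "empty-non-terminal")
    return ("NXDOMAIN", "nxdomain")

def audit(observations, records):
    """Return (qname, seen, expected, reason) for every response with the wrong rcode."""
    findings = []
    for qname, qtype, seen in observations:
        want, reason = classify(qname, qtype, records)
        if seen != want:
            findings.append((qname, seen, want, reason))
    return findings

# Constructed zone: the only name under _domainkey is one DKIM selector.
ZONE = [
    ("example.com", "SOA"),
    ("example.com", "NS"),
    ("sel1._domainkey.example.com", "TXT"),
]
# Constructed responses as a tester might record them from an authoritative server.
OBSERVED = [
    ("sel1._domainkey.example.com", "TXT", "NOERROR"),
    ("_domainkey.example.com", "TXT", "NXDOMAIN"),   # the case from this thread
    ("nothing.example.com", "A", "NXDOMAIN"),
]

if __name__ == "__main__":
    for finding in audit(OBSERVED, ZONE):
        print("%s: got %s, expected %s (%s)" % finding)
```

Adding any record at `_domainkey.example.com` to `ZONE` turns the expected result for other types into plain `nodata`, which is why the workaround quoted above gets a zone through the test.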