[Pdns-users] pdns-recursor suddenly started to answer with content from . zone instead of what is configured in forward.zones.

Thomas Mieslinger miesi at mail.com
Wed Sep 22 06:50:27 UTC 2021


Hi Peter,

Am 21.09.21 um 18:20 schrieb Peter van Dijk via Pdns-users:
> Hello Thomas,
>
> On Tue, 2021-09-21 at 13:53 +0200, Thomas Mieslinger via Pdns-users
> wrote:
>> dog.                    80 IN NSEC domains. NS DS RRSIG NSEC
>
> This looks like aggressive NSEC reuse (
> https://datatracker.ietf.org/doc/html/rfc8198) and/or NXDOMAIN: There
> Really Is Nothing Underneath (
> https://datatracker.ietf.org/doc/html/rfc8020).
>
> Can you try aggressive-nsec-cache-size=0 (on 4.5.1) and/or
> nothing-below-nxdomain=no (4.3.5 and 4.5.1) please?

Thanks for your hints. Could this also be caused by root-nx-trust?

I will check nothing-below-nxdomain and root-nx-trust first.

Cheers

Thomas


More information about the Pdns-users mailing list