[Pdns-users] QNAME minimization support
Jason Tremblett
jtremblett at proofpoint.com
Fri Feb 9 22:29:56 UTC 2024
Hi @all,
I am using PowerDNS Authoritative server with the postgresql backend. I am curious if there are any plans on the server side to support QNAME minimization.
Example Zone:
$TTL 86400
sample.zone. IN SOA sample.zone. root.sample.zone. (
2024020801 ; serial = YYYYMMDDxx xx=iteration
3600 ;refresh
1800 ;retry
604800 ;expire
600 ;ttl
);
IN NS ns1.sample.com.
IN NS ns2.sample.com.
some.multi.level.entry 3600 IN A 127.0.0.1
When querying with QNAME minimization on strict, the authoritative server is queried for entry.sample.zone and returns NXDOMAIN. This causes the query to fail. From my understanding, if the server returned NODATA instead the query should continue with level.entry.sample.zone (and so on) until the proper target is reached.
This does allow fall backs in some implementations, but it seems when DNSSEC is enabled on a zone it will not fall back with some resolvers (unbound is a good example).
Thanks!
Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20240209/094bd6d6/attachment.htm>
More information about the Pdns-users
mailing list