[Pdns-users] QNAME minimization support

Jason Tremblett jtremblett at proofpoint.com
Tue Mar 5 21:26:10 UTC 2024 

Thanks for this information!!!  This did in fact resolve the issues we were seeing with QNAME minimization.

From: Otto Moerbeek <otto at drijf.net>
Sent: Saturday, February 10, 2024 3:20 AM
To: All about using and deploying powerdns <pdns-users at mailman.powerdns.com>
Cc: Les Barstow <lbarstow at proofpoint.com>; Jason Tremblett <jtremblett at proofpoint.com>
Subject: Re: [Pdns-users] QNAME minimization support

On Sat, Feb 10, 2024 at 10: 41: 12AM +0100, Otto Moerbeek via Pdns-users wrote: > On Fri, Feb 09, 2024 at 08: 39: 16PM -0800, Ask Bjørn Hansen via Pdns-users wrote: > > > > > > > > On Feb 9, 2024, at 14: 30, Jason Tremblett


On Sat, Feb 10, 2024 at 10:41:12AM +0100, Otto Moerbeek via Pdns-users wrote:



> On Fri, Feb 09, 2024 at 08:39:16PM -0800, Ask Bjørn Hansen via Pdns-users wrote:

>

> >

> >

> > > On Feb 9, 2024, at 14:30, Jason Tremblett via Pdns-users <pdns-users at mailman.powerdns.com<mailto:pdns-users at mailman.powerdns.com>> wrote:

> > >

> > > When querying with QNAME minimization on strict, the authoritative server is queried for entry.sample.zone and returns NXDOMAIN.  This causes the query to fail.

> >

> > That’s going to cause problems without QNAME minification, too.

> >

> > I think the database backend requires you to add rows with empty non terminals for this.

>

> Likely the zone is not rectified.

>

>           pdnsutil rectify-zone ZONE

> or

>

>           pdnsutil rectify-all-zones

>



To elaborate a bit: PowerDNS Authoritative Server certainly supports

resolvers that do strict query minimization, but only if the data in

the zone it right.  Rectifying includes adding records for empty

non-terminals in the appropriate places, so that a proper empty

NOERROR (aka NODATA) is returned if there are child records.



After editing a zone, a rectify is needd. When using the API that is

taken care of by default (on a reasoably modern version). But not if

you edit the DB by hand.



             -Otto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20240305/c1eb82e8/attachment.htm>

More information about the Pdns-users mailing list