Hi, The deny-any was implemented because users asked for that. The patch is very good and I have incorporated it, enabled by default. Do you think the the deny-any option can be removed or have that control this behaviour? Best regards, Wouter On 12/19/18 4:51 PM, Daisuke HIGASHI wrote:> Hi, > > I posted a (very simple) patch implementing draft-00 spec (answers > subset of available RRsets)?to nsd-users maling list in 2016. But it was > not included to mainline.? > > ? https://open.nlnetlabs.nl/pipermail/nsd-users/2016-February/002234.html > > I don?t know whether ?NSD implementation? noted in draft-07 correnponds > to my patch. > > Stephane Bortzmeyer <bortzmeyer at nic.fr <mailto:bortzmeyer at nic.fr>>: > > Internet Draft draft-ietf-dnsop-refuse-any-07, soon RFC 8482, claims > that "An implementation of the subset-mode response to ANY queries was > implemented in NSD 4.1 in 2016." It is not clear to me how it is > implemented. I see in the code > > > _______________________________________________ > nsd-users mailing list > nsd-users at NLnetLabs.nl > https://open.nlnetlabs.nl/mailman/listinfo/nsd-users >-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20190124/a39c85ae/attachment.bin>
Hi, Wouter Thank you for applying patch. For simplicity refuse-any option in NSD should be removed for future. Only concern is that users specifying refuse-any option in their nsd.conf will be surprised that they can?t start nameserver after upgrading NSD... Regards, Daisuke Higashi Wouter Wijngaards <wouter at nlnetlabs.nl>:> Hi, > > The deny-any was implemented because users asked for that. The patch is > very good and I have incorporated it, enabled by default. Do you think > the the deny-any option can be removed or have that control this behaviour? > > Best regards, Wouter > > On 12/19/18 4:51 PM, Daisuke HIGASHI wrote: > > Hi, > > > > I posted a (very simple) patch implementing draft-00 spec (answers > > subset of available RRsets) to nsd-users maling list in 2016. But it was > > not included to mainline. > > > > > https://open.nlnetlabs.nl/pipermail/nsd-users/2016-February/002234.html > > > > I don?t know whether ?NSD implementation? noted in draft-07 correnpond > > to my patch. >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20190126/9eef2e80/attachment.htm>
Am 24.01.19 um 14:54 schrieb Wouter Wijngaards:> The deny-any was implemented because users asked for that. The patch is > very good and I have incorporated it, enabled by default. Do you think > the the deny-any option can be removed or have that control this behaviour?before I loose overview: deny-any mean the configuration option "refuse-any" available since nsd-4.1.21 which currently set the TC bit on UDP and return all RR on TCP. with Daisuke's patch NSD would answer to ANY queries with a subset of available RRsets. -> only on UDP? or no matter which transport? -> a fixed subset or a random subset? Andreas