How common is it for authoritative DNS servers to not respond to queries for zones they are not authoritative for (instead of returning REFUSED)?
We changed behavior because of one TLD: .is, whose operators pre-check nameservers for .is domains, and if they don't return something, or REFUSED, you can't delegate to them. So this makes it uncommon in practice.
-
-
I wish .is would change practices, if they haven't since. Blackholing is still safer IMO.
-
R53’s shuffle sharding NS records mean that unreachability caching only targets the affected zone. On the common shared NS services it risks broader impact to other customers/zones
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.