Re: Verisign fix

Paul Vixie wrote:
>>... We are screwed because we no longer cache data for .com, etc
>>requiring recursive lookups for everything. Am I misunderstanding how
>>this will work?
>
>
> yes, you are. use of the delegation-only feature does not prevent caching.
>

Uhh... this seems a bit odd - I can no longer query for NS records from
the root:

dlugo@spot> dig ns stk.com

; <<>> DiG 9.2.2rc1 <<>> ns stk.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21648
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;stk.com. IN NS

;; Query time: 274 msec
;; SERVER: 192.168.7.1#53(192.168.7.1)
;; WHEN: Wed Sep 17 17:31:36 2003
;; MSG SIZE rcvd: 25


Sep 17 17:31:36 spot named[4086]: enforced delegation-only for 'com'
(stk.com)

Does this mean that the patch will break the 'doc' utility, and any
other similar queries such as the one above?

--
--------------------------------------------------------
Dave Lugo dlugo@etherboy.com LC Unit #260 TINLC
Have you hugged your firewall today? No spam, thanks.
--------------------------------------------------------
Are you the police? . . . . No ma'am, we're sysadmins.