1. DNS/RFC/8020
| /awsdns /microsoft |
Contents
DNS/NXDOMAIN DNS/qname-minimisation
NXDOMAIN: There Really Is Nothing Underneath https://tools.ietf.org/html/rfc8020
Abstract This document states clearly that when a DNS resolver receives a response with a response code of NXDOMAIN, it means that the domain name which is thus denied AND ALL THE NAMES UNDER IT do not exist.
NXDOMAIN返答の原点回帰
AWS DNS services break qname minimization (amazon.com)
- 81 points by fanf2 on Dec 10, 2017 | hide | past | favorite | 25 comments
https://news.ycombinator.com/item?id=15893103
RFC8020 is an example of the DNS WG making backwards incompatible changes. The "NXDOMAIN" for an empty non-terminal has long been the behavior in DJB's TinyDNS.
$ dig -t ns msa.trafficmanager.net @tm1.dns-tm.com.
https://forums.aws.amazon.com/thread.jspa?threadID=260905
1.1. DJB
https://mailarchive.ietf.org/arch/msg/dnsext/SdFZivW0H9aL64dQNCKrHV5fE5A/
1.2. horror
https://iepg.org/2017-03-27-ietf98/Horrors%20of%20DNS.pdf
akamai ? は8020を守る: https://community.akamai.com/customers/s/article/CloudSecurityDNSFlagDayandAkamai20190115151216?language=en_US
1.3. deep subdomains
How to check for the existence of deep subdomains even if the intermediate ones don't exist?