rpenny at samba.org
Tue Jan 22 15:34:44 UTC 2019
On Tue, 22 Jan 2019 16:16:15 +0100
"L. van Belle via samba" <samba at lists.samba.org> wrote:
> Hai Rowland,
> I think you are mixing a few settings.
> additional-from-auth yes | no ;
> additional-from-cache yes | no ;
I have never set those options
> auth-nxdomain yes | no;
> If auth-nxdomain is 'yes' allows the server to answer authoritatively
> (the AA bit is set)
> when returning NXDOMAIN (domain does not exist) answers,
> if 'no' (the default) the server will not answer authoritatively.
I don't set that and so it defaults to 'no' and does it matter whether
the AD is Authoritative for a non existing domain or not ?
> empty-zones-enable yes | no ;
> By default empty-zones-enable is set to yes which means that reverse
> queries for IPv4 and IPv6 addresses
> covered by RFCs 1918, 4193, 5737 and 6598 (as well as IPv6 local
> address (locally assigned),
> IPv6 link local addresses, the IPv6 loopback address and the IPv6
> unknown address)
> but which is not not covered by a locally defined zone clause will
> automatically return an NXDOMAIN response from the local name server.
> This prevents reverse map queries to such addresses escaping to the
> DNS hierarchy where
> they are simply noise and increase the already high level of query
> pollution caused by mis-configuration.
OK, I will give you that one, it probably would be better if it was set
to yes, which really means not having the line.
More information about the samba