Olafur Gudmundsson <ogud at ogud.com> writes: > This server does not even have the SOA or NS that are required to exist > at the top of a zone it only answers query for A correctly. > > IMHO it is wrong to a fix in resolver for such badly behaving > load balancer. > > Please do not do it, tell people to report the error to the site > and instruct them to report the equipment they has a broken DNS > server. I agree that the server behaviour should be corrected. The question is: how many name servers out there exhibit this error? If only the servers for www.newegg.com and www.usps.com are broken, then I agree that putting this work-around in the resolver is unnecessary and perhaps even harmful. If they are just the tip of an iceberg, then the work-around is needed. Otherwise sites that try to deploy Unbound will find themselves dealing with user complaints for which the convenient solution will be to revert to BIND. I don't know how often this misconfiguration occurs. It would be interesting to obtain the logs from a high-traffic resolver that hasn't blackholed lame server logging. One clue, though: PowerDNS Recursor appears to have the same work-around as BIND: http://www.panix.com/~geoff/pdns.out Geoff