1. DNS/BIND/minimal-responses


https://ftp.isc.org/isc/bind9/9.12.0/doc/arm/ https://ftp.isc.org/isc/bind9/9.12.0/doc/arm/Bv9ARM.ch06.html




If yes the server will only add NS resource records to the Authority section and A or AAAA resource records (RRs) 
to the Additional sections of a query response when they are required by the protocol,
for instance, delegations (referrals) and negative responses.

This may improve the performance of the server by reducing outgoing data volumes especially if the number of name servers is large.

The BIND default is no which means that the Authority and Additional sections of the query response will always be fully populated (speeding up processing at the resolver). This statement may be used in a view or a global options clause.

こういう説明をしているということは、BINDには毒盛の余地があるということである。 -- ToshinoriMaeno 2018-03-17 05:42:03

1.1. glueではないレコード



CVE-2012-5166 [JP]: 特別に細工されたDNSのデータによるnamedのハングアップ https://kb.isc.org/article/AA-00808/0

1.2. その他


A NIOS appliance returns a minimal amount of data in response to a query, by default.


So far, the BIND "minimal-responses" config option was set to false in
default config. We are changing this to true in 9.12.


  minimal-responses is now set to no-auth-recursive by default.