I'm curious whether this affects *.maas, when in fact the MAAS server itself is primary for that domain. In other words, the request should not ever hit the forwarder, should it?
Or does BIND do a root check anyway to ensure that we are indeed allowed to be primary for that TLD?
If we are, is there a way to say "this is not an official TLD" that wouldn't trigger the problem?
I'm curious whether this affects *.maas, when in fact the MAAS server itself is primary for that domain. In other words, the request should not ever hit the forwarder, should it?
Or does BIND do a root check anyway to ensure that we are indeed allowed to be primary for that TLD?
If we are, is there a way to say "this is not an official TLD" that wouldn't trigger the problem?