phonedph1

Future problem: `single_target_ip` isn't documented I don't think.

This was based on what someone else was doing earlier in the day but: ``` curl --location --request POST 'http://127.0.0.1:8082/api/v1/servers/localhost/zones' --header 'X-API-Key: s3cret' --header 'Content-Type: text/plain' --data-raw '{ "kind": "NATIVE",...

> You can already do this in the Recursor today. Someone came on IRC looking how to do this. So maybe this will help people in the right direction. Put...

> > `forward-zones-recurse` is different: in this case the target only needs to be able to resolve (all) names in the forwarded domain and no NS complications occur. > The...

We drop these in (early) rules, something like: `addAction(NotRule(OpcodeRule(DNSOpcode.QUERY)), DropAction())`

This might be silly, but if you create a few 'garbage' zones before trying the import, does it work? It looks like it's not creating all the shards (which in...

https://indico.dns-oarc.net/event/46/contributions/978/attachments/947/1754/Cache%20Poisoning%20Protection%20-%20Deployment%20Experience.pdf page 13 is also semi-relevant to this

Even with the above commit the permissions for the `Vault` directory (and everything below?) is still not going to work as it modifies these in `harden_unix.go` each time it starts...