oznu/dns-zone-blacklist

RCODE 5 (REFUSED) as response type

shaanen opened this issue · 1 comments

Wouldn't it be better to use RCODE 5 "REFUSED" as response type rather than NXDOMAIN, since we are filtering DNS requests?

e.g. for Unbound:
local-zone: evil.invalid refuse

A DNS client that receives a REFUSED answer will forward the request to the next server in the network configuration.
While a client that receives an NXDOMAIN answer to the DNS query will stop querying the DNS servers known in the network.
Thus making the 'static' blacklist solution more rigid and faster.
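As an added illustration of the difference discussed in this issue (not code from this project), the script below constructs minimal DNS responses carrying RCODE 5 (REFUSED) and RCODE 3 (NXDOMAIN), parses the RCODE back out of the header, and emits Unbound `local-zone` lines for a chosen zone type. The mapping from Unbound zone type to RCODE is an assumption taken from the unbound.conf man page (`refuse` answers REFUSED; `static` answers NXDOMAIN for blocked names with no local-data); the packets are constructed test data, not captures.

```python
import struct

# DNS RCODE values from the header (RFC 1035 / IANA DNS parameters registry).
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

# Assumed mapping (unbound.conf man page): RCODE returned for a blocked name
# that has no matching local-data under each local-zone type.
ZONE_TYPE_RCODE = {"refuse": 5, "always_refuse": 5, "static": 3, "always_nxdomain": 3}


def build_response(txn_id, rcode, qname=b"evil.invalid"):
    """Construct a minimal DNS response (header + one A/IN question) carrying rcode.
    Constructed test data, not a real packet capture."""
    flags = 0x8180 | (rcode & 0x0F)  # QR=1, RD=1, RA=1, low nibble = RCODE
    header = struct.pack("!HHHHHH", txn_id, flags, 1, 0, 0, 0)
    question = b"".join(bytes([len(lbl)]) + lbl for lbl in qname.split(b".")) + b"\x00"
    return header + question + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_rcode(msg):
    """Return the RCODE from a DNS message header; reject truncated or non-response messages."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    flags = struct.unpack("!H", msg[2:4])[0]
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    return flags & 0x000F


def expected_rcode(zone_type):
    """RCODE a client should see for a blocked name under the given Unbound local-zone type."""
    if zone_type not in ZONE_TYPE_RCODE:
        raise ValueError(f"unsupported local-zone type {zone_type!r}")
    return ZONE_TYPE_RCODE[zone_type]


def unbound_lines(names, zone_type):
    """Emit one Unbound local-zone line per blocked name for the chosen zone type."""
    expected_rcode(zone_type)  # validates the type before generating config
    return [f"local-zone: {name} {zone_type}" for name in names]


if __name__ == "__main__":
    for zone_type in ("refuse", "static"):
        reply = build_response(0x1234, expected_rcode(zone_type))
        print(unbound_lines(["evil.invalid"], zone_type)[0], "->", RCODE_NAMES[parse_rcode(reply)])
```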