Authoritative Server - Referrals to root
Mark Andrews
Mark_Andrews at isc.org
Fri Apr 8 23:39:25 UTC 2005
> Thanks for the answers guys - I appreciate it.
>
> > As long as the customer still has the delegation pointing
> > to you there is nothing wrong with serving the minimal zone.
> > By NOT serving the zone that is delegated to you you are
> > causing operational problems for yourserlf and every client
> > that looks up the zone.
>
> I'm more or less trying to plan for the future. I've been nailed 2-3
> times in the past month with zones that are delegated to us, but the
> customer either does not know it, or they let the DNS expire and don't
> really care what happens to the domain name. Running DNSTOP shows
> these non-existant zones are 4x the query rate than even our NS
> records, which are usually at the top of the list. See this few second
> dnstop snippet for an example ... that top zone is non-existant, 20% of
> the queries on our entire system are from that one alone.
>
> 3LD count %
> ------------------------------ --------- ------
> sbiztrade.net 2024 20.3
> ns2.changeip.com 376 3.8
> ns1.changeip.com 369 3.7
> ns3.changeip.com 352 3.5
> ns4.changeip.com 342 3.4
>
> These servers are authoritative only. Would it help to add a wildcard
> root SOA with no records and set the TTL for 30 seconds or something?
> This way they at least get a result they can cache and quit coming back
> to ask every millisecond of every day. I know wildcards are risky and
> have side effects, but I don't really want to 'manually' search for
> non-existant zones and enter something for them every time they popup.
> Automation is the key to having free time to with your 5 year old after
> work.
>
> Thx
Yes automation is the key. Examine your query log and for each
non-recursive query in it see if the names is at or below a zone
you host. For those that arn't check the delegation path to see
if it comes to you and if so add in a empty zone.
Also daily for all zone you serve check that the parent zone still
delegates the zone to you.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list