Hyperlocal RFC8806 Root Mirror

Petr Menšík pemensik at redhat.com
Tue Oct 3 19:11:16 UTC 2023


Hi Silva,

I do not understand the language of that tutorial and you have not shared 
many details about what it should do. But note that bind will cache both 
positive and negative (non-existent) answers, so answers to repeated tests 
are delivered from cache even when the local domain is not present. I would 
recommend using statistics counters of forwarded queries instead of 
response time.

Aggressive DNSSEC validation can be used to synthesize a response for 
names not yet queried, if the name is in the range of a negative 
answer previously received. The result might be similar to a local copy of 
the root zone if enough negative answers are cached.

This is enabled by default per 
https://bind9.readthedocs.io/en/v9.18.19/reference.html#namedconf-statement-synth-from-dnssec 
in version 9.18.19. If you have dnssec-validation yes or auto, then this 
would be active. So cache state can make replies instant. I think 
observing traffic using wireshark or statistics counters might 
provide a more reliable metric.

Best Regards,

Petr

On 27. 09. 23 17:53, Silva Carlos wrote:
> +++++++++++++++++++++++++++++++++++++++++++++++++
>
> Hey guys.
> I have two recursive servers, bind 9.18 on Debian 12.
>
> On server A I configured HyperLocal. On Server B I did NOT configure 
> HyperLocal.
>
> I ran the command "dig @localhost EXAMPLES" on both servers.
> EXAMPLES: blabla.sdf.dd or teste.com.eroterrter or world.nanana
>
> Problem: Both Servers report that "Query Time = 0 ms". I understand 
> that Server A should result in 0ms and Server B should have a non-zero 
> time as Server B does not have a copy of the Root Zone DB.
>
> Question: Where am I going wrong? Am I missing some basic principle?
>
>
> I'm following this tutorial: 
> https://semanacap.bcp.nic.br/files/apresentacao/arquivo/864/Implementacao%20de%20servidores%20recursivos%20guia%20de%20praticas%20semcap%20ceptro%20br.pdf
>
> Best Regards +++++++++++++++++++++++++++++++++++++++++++++++++
>
-- 
Petr Menšík
Software Engineer, RHEL
Red Hat,http://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
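
The counter-based check suggested in the reply above, as an added example that is not part of the original message: it compares two statistics snapshots taken before and after a test query and reports whether named sent anything upstream. The JSON layout (views / _default / resolver / stats), the counter names Queryv4, Queryv6 and Responsev4, and all function names are assumptions; compare them with what your own statistics channel returns.

```python
# Constructed snapshots, shaped like the JSON a BIND statistics channel serves
# (layout and counter names are assumptions; check your own server's output).
def snapshot(queryv4, queryv6, responsev4):
    stats = {"Queryv4": queryv4, "Queryv6": queryv6, "Responsev4": responsev4}
    return {"views": {"_default": {"resolver": {"stats": stats}}}}

BEFORE = snapshot(120, 4, 118)
AFTER_LOCAL = snapshot(120, 4, 118)      # test query answered without upstream traffic
AFTER_UPSTREAM = snapshot(122, 4, 120)   # test query caused two upstream queries

# Counters that grow only when named sends a query to another server.
UPSTREAM_COUNTERS = ("Queryv4", "Queryv6")


def resolver_stats(snap, view="_default"):
    """Return the resolver counter dict of one view."""
    return snap["views"][view]["resolver"]["stats"]


def counter_delta(before, after, view="_default"):
    """Counters that changed between two snapshots, with the size of the change."""
    b, a = resolver_stats(before, view), resolver_stats(after, view)
    delta = {k: a.get(k, 0) - b.get(k, 0) for k in set(a) | set(b)}
    return {k: v for k, v in delta.items() if v != 0}


def classify(before, after, view="_default"):
    """'upstream' if queries were sent out between the snapshots, 'local' if not.

    'local' covers every answer produced without upstream traffic: positive or
    negative cache, a response synthesized from cached NSEC records, or a local
    copy of the root zone. 'reset' means a counter went backwards, for example
    because named restarted, so the two snapshots cannot be compared.
    """
    delta = counter_delta(before, after, view)
    if any(v < 0 for v in delta.values()):
        return "reset"
    sent = sum(delta.get(k, 0) for k in UPSTREAM_COUNTERS)
    return "upstream" if sent > 0 else "local"


if __name__ == "__main__":
    print(classify(BEFORE, AFTER_LOCAL), counter_delta(BEFORE, AFTER_LOCAL))
    print(classify(BEFORE, AFTER_UPSTREAM), counter_delta(BEFORE, AFTER_UPSTREAM))
```

On a busy resolver other clients also move these counters, so take the snapshots on a quiet test server or immediately around the test query.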