lame server resolving error is not being negative cache in BIND9?

Simon Waters Simon at wretched.demon.co.uk
Fri Sep 13 10:53:21 UTC 2002


Jonathan Tse wrote:
> 
> Thanks for the answer. Does it mean it can't resolve as fast as BIND8? And
> will it generate tremendous traffic when it keeps receiving the same request
> (which may become an exploit)? I was thinking this is why negative cache
> comes in to help.
> 
> Sorry that I am still a bit confused between lame error and negative cache.

Negative caching is to prevent repeatedly getting a negative
answer from the DNS.

Lame server is an error response not a negative answer, and so
gets handled differently.

It isn't any more exploitable than far more pathological DNS
configurations which could be created! i.e. If people can place
arbitrary queries with your servers they could arrange for some
really difficult questions to answer, to tie up resources, this
is a given with DNS, one of the reasons Internet facing
authoritative servers shouldn't perform recursion.

It won't create lots of traffic, it will however send one
request to the lame server, and will be slower for requests from
that lame server than BIND 8 was. When (if?) the lameness is
fixed it will start giving the correct answer marginally faster.
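
The distinction drawn above between a negative answer and a lame-server error, as an added example that is not part of the original post and not BIND's own code: a simplified heuristic that reads the DNS response header (QR, AA, RCODE, ANCOUNT) of a reply from a server the parent zone lists as authoritative. The function names and the header-only sample packets are constructed for illustration.

```python
import struct

# DNS RCODE values from RFC 1035
NOERROR, SERVFAIL, NXDOMAIN, REFUSED = 0, 2, 3, 5

QR_BIT = 0x8000   # set on responses
AA_BIT = 0x0400   # set when the responder is authoritative for the name


def build_response(rcode, aa, ancount=0, nscount=0):
    """Constructed sample: a bare 12-byte DNS response header, no sections."""
    flags = QR_BIT | (AA_BIT if aa else 0) | rcode
    return struct.pack("!6H", 0x1234, flags, 0, ancount, nscount, 0)


def classify(packet):
    """Classify a reply from a server that is delegated as authoritative.

    Returns "answer", "negative-answer" (safe to negative-cache, RFC 2308)
    or "lame" (an error about the server, not an answer about the name).
    """
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", packet[:12])
    if not flags & QR_BIT:
        raise ValueError("not a response")
    aa = bool(flags & AA_BIT)
    rcode = flags & 0x000F

    if aa and rcode == NXDOMAIN:
        return "negative-answer"   # the name does not exist
    if aa and rcode == NOERROR and ancount == 0:
        return "negative-answer"   # NODATA: name exists, no record of that type
    if aa and rcode == NOERROR:
        return "answer"
    # REFUSED, SERVFAIL, or any non-authoritative reply (cached data, upward
    # referral) from a server that should be authoritative: the delegation is
    # lame. Nothing was learned about the name, so nothing is negative-cached.
    return "lame"


if __name__ == "__main__":
    for label, pkt in [
        ("NXDOMAIN, AA=1", build_response(NXDOMAIN, True, nscount=1)),
        ("NOERROR, AA=1, no answers", build_response(NOERROR, True, nscount=1)),
        ("REFUSED, AA=0", build_response(REFUSED, False)),
        ("NOERROR referral, AA=0", build_response(NOERROR, False, nscount=2)),
    ]:
        print(f"{label:28s} -> {classify(pkt)}")
```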

