Authoritative Server - Referrals to root
Barry Margolin
barmar at alum.mit.edu
Wed Apr 6 19:49:41 UTC 2005
In article <d318f7$20a4$1 at sf1.isc.org>, "Unlisted" <unlisted at gmail.com>
wrote:
> We have problems with our authoritative only servers (BIND 9.3) sending
> resolvers into loops. If the root server delegates a domain to us, and
I think you mean TLD server. Unless you're hosting a TLD, it's unlikely
that root servers delegate directly to you.
> we do not host that zone, we reply with NXDOMAIN and hand back the root
> servers list. The root servers hand back our authoritative servers, we
> hand back the root servers list. Query rates for non-existant domains
> on our servers are 100 times more than what any other queries on the
> servers. I think this is because the resolvers are just looping trying
> to find answers. What's the best method to resolve your authoritative
> zones only and SERVFAIL everything else? BIND 9.3.x
This loop shouldn't happen. When the resolving server receives the
NXDOMAIN response, it's not supposed to go back to the parent server.
It's supposed to recognize this as a lame delegation, and try another
server in the original delegation.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
More information about the bind-users
mailing list