Authoritative Server - Referrals to root

Mark Andrews Mark_Andrews at isc.org
Wed Apr 6 22:52:22 UTC 2005 

> Yes, what I meant to say is that the TLD server for the domain is
> handing our NS records out.  Either the domain is on our non-payment
> status, been terminated, or removed for aup violations.  Since there is
> no SOA anymore there is no NXDOMAIN ttl and therefore we get pounded
> with queries asking about that domain.  Whats the best way to cut down
> on traffic; serve up SERVFAIL or don't provide referrals to the root
> servers on NXDOMAIN?
> 
> here is an example:
> http://www.dnsstuff.com/tools/dnstime.ch?name=sbiztrade.net&type=A


	What you are actually doing is returning a referal to the
	root servers.  You are NOT returning NXDOMAIN.

	Note: status is NOERROR not NXDOMAIN.

; <<>> DiG 8.3 <<>> sbiztrade.net @home.myserver.org +norec 
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40329
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
;; QUERY SECTION:
;;	sbiztrade.net, type = A, class = IN

;; AUTHORITY SECTION:
.			5w6d16h IN NS	A.ROOT-SERVERS.net.
.			5w6d16h IN NS	B.ROOT-SERVERS.net.
.			5w6d16h IN NS	C.ROOT-SERVERS.net.
.			5w6d16h IN NS	D.ROOT-SERVERS.net.
.			5w6d16h IN NS	E.ROOT-SERVERS.net.
.			5w6d16h IN NS	F.ROOT-SERVERS.net.
.			5w6d16h IN NS	G.ROOT-SERVERS.net.
.			5w6d16h IN NS	H.ROOT-SERVERS.net.
.			5w6d16h IN NS	I.ROOT-SERVERS.net.
.			5w6d16h IN NS	J.ROOT-SERVERS.net.
.			5w6d16h IN NS	K.ROOT-SERVERS.net.
.			5w6d16h IN NS	L.ROOT-SERVERS.net.
.			5w6d16h IN NS	M.ROOT-SERVERS.net.

;; Total query time: 194 msec
;; FROM: drugs.dv.isc.org to SERVER: 63.210.174.80
;; WHEN: Thu Apr  7 08:39:55 2005
;; MSG SIZE  sent: 31  rcvd: 239

	Instead of removing the zone make it a empty zone (SOA and
	NS records only) then work with the parent zone to get the
	delegation removed.  By doing this you will be supplying
	answers that can be cached.  NXDOMAIN for all the children
	and NODATA for A, AAAA, MX and other queries for the zone
	name itself.

	If you want add a TXT record explaining the status of the
	zone (e.g. @ TXT "Removed for AUP violations").  By adding
	the TXT record you will be telling everyone else that you
	are aware of the problem.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list