Authoritative Server - Referrals to root

Mark Andrews Mark_Andrews at isc.org
Fri Apr 8 23:39:25 UTC 2005 

> Thanks for the answers guys - I appreciate it.
> 
> > As long as the customer still has the delegation pointing
> > to you there is nothing wrong with serving the minimal zone.
> > By NOT serving the zone that is delegated to you you are
> > causing operational problems for yourserlf and every client
> > that looks up the zone.
> 
> I'm more or less trying to plan for the future.  I've been nailed 2-3
> times in the past month with zones that are delegated to us, but the
> customer either does not know it, or they let the DNS expire and don't
> really care what happens to the domain name.  Running DNSTOP shows
> these non-existant zones are 4x the query rate than even our NS
> records, which are usually at the top of the list.  See this few second
> dnstop snippet for an example ... that top zone is non-existant, 20% of
> the queries on our entire system are from that one alone.
> 
> 3LD                                count      %
> ------------------------------ --------- ------
> sbiztrade.net                       2024   20.3
> ns2.changeip.com                     376    3.8
> ns1.changeip.com                     369    3.7
> ns3.changeip.com                     352    3.5
> ns4.changeip.com                     342    3.4
> 
> These servers are authoritative only.  Would it help to add a wildcard
> root SOA with no records and set the TTL for 30 seconds or something?
> This way they at least get a result they can cache and quit coming back
> to ask every millisecond of every day.  I know wildcards are risky and
> have side effects, but I don't really want to 'manually' search for
> non-existant zones and enter something for them every time they popup.
> Automation is the key to having free time to with your 5 year old after
> work.
> 
> Thx

	Yes automation is the key.  Examine your query log and for each
	non-recursive query in it see if the names is at or below a zone
	you host.  For those that arn't check the delegation path to see
	if it comes to you and if so add in a empty zone.

	Also daily for all zone you serve check that the parent zone still
	delegates the zone to you.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list