Negative caching SERVFAIL responses
Arjun Nair
anair1 at nortel.com
Thu Sep 18 20:09:46 UTC 2008
Peter Dambier wrote:
> Hi Arjun,
>
> I did it and Im glad it is nolonger automatically done.
>
> When I had a break in connectivity for a couple of minutes,
> my resolver replied NXDOMAIN for everything and it would
> not heal itself for more that an hour.
>
> It would not work again until I stopped and restarted the
> nameserver. When that happened more than once day I was
> glad somebody told me how to switch it off with bind 8.
>
> "auth-nxdomain yes" will cache permanently domains that were
> missing once.
>
Thanks for the reply. I looked into the "auth-nxdomain yes" but could not find any info on how it would enable caching for SERVFAIL. I have caching enabled for negative responses, but it only authorized NXDOMAIN responses and not SERVFAILs.
You make a good point though, caching SERVFAIL responses will lead to undesired behavior when there is a break in connectivity.
Thanks,
Arjun
More information about the bind-users
mailing list