recursion on auth-only server
Peter Dambier
peter at peter-dambier.de
Fri Oct 2 16:50:44 UTC 2009
Matus UHLAR - fantomas wrote:
> Hello,
>
> I have moved authoritative server to new IP address. I have changed the DNS
> name pointing to it so the NS would point to the new IP.
>
> Now I looked at the traffic and it seems that there are ~4 of 1000 recursive
> requests sent to it.
>
> Are there any known resolvers that can iterate through NS hierarchy, or
> iterative DNS servers that send resursive requests anywhere?
>
I know you can use bind as your local resolver. It does query from the root
down until it finds what it is looking for - when you don't use forwarders.
dnscache which is part of djbdns does always query from the root down.
It never uses forwarders.
I don't know for sure if the "Authoritative Answer Only" bit is set but I guess no.
Somebody must resolve. So you will see my ISPs resolver querying you if you don't
see my own resolver.
With censoring commonplace in europe at least, people with the know do run their
own resolvers. You'll see the number increasing.
I guess 0.4% is harmless. The number I see looks higher and they do not look for
domains I slave.
Kind regards
Peter
--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
http://www.peter-dambier.de/
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
ULA= fd80:4ce1:c66a::/48
More information about the bind-users
mailing list