DNS-cache with custom gTLDs
Kevin Darcy
kcd at chrysler.com
Wed Sep 21 23:01:55 UTC 2011
On 9/21/2011 7:33 AM, Drunkard Zhang wrote:
> 2011/9/20 Drunkard Zhang<gongfan193 at gmail.com>:
>> I got 4 DNSs doing recursive resolution, which splited into 2 groups,
>> and a couple of dns caches. Each group of recursion DNS using their
>> own net link, which is different.
>>
>> Here's problem: I want a dns-cache to use one group of recursion DNS
>> as their forwarders, and use another group as backup. ( I have to,
>> because 2 groups of recursion DNS get different results, and sometimes
>> one of them can't resolves, while another can. ) All solution I can
>> find out is "forward first" to one group, and use all 2 groups as
>> gTLDs, is this __safe__?
>>
> This is not working... I did some test, and if dns-cache got a
> NXDomain response, it won't go any far. Is it intended?
That's the intended behavior. NXDOMAIN is a final response. There's no
need to go further.
>
>> Is there any other solution I can hack?
>>
>>
>> Another problem: there's a lot of resolution on dns-cache querying
>> a.root-servers.net, is it safe that i hijack a.root-servers.net to my
>> own DNS? If it's safe, I can cut down queries to a.root-servers.net by
>> millions of times per hour.
>>
>> Look forwarding to your kind responses :-)
>>
> When I query a name, the dns-cache queries forwarders for gTLDs
> instead of using local hint file, why?
Because the hints file is only for the *root* zone.
> And the dns-cache does not
> trust forwarder returned result when set "forward first", is it
> possible to fake it?
What do you mean "not trust"?
- Kevin
More information about the bind-users
mailing list