DNS-cache with custom gTLDs
John Wobus
jw354 at cornell.edu
Fri Sep 23 15:33:35 UTC 2011
2011/9/23 Kevin Darcy<kcd at chrysler.com>:
> You're almost certainly getting the NXDOMAIN because you're spoofing
> the
> root servers, and your "fake" root servers don't have the same
> knowledge as
> the real ones, so they'll return NXDOMAIN for some queries (whereas
> dig
> +trace does not, because it follows the hierarchy down and asks
> different
> nameservers). In other words, you're shooting yourself in the foot
> with your
> hints-file trickery.
That was my thought as well. Sometime NXDOMAINs also could simply be
inconsistent authoritative data at the other end. Once again, building
a kluge to work around such a thing wouldn't be a good strategy.
John
More information about the bind-users
mailing list