Survey - how many people running ISP nameservers define "minimal-responses" - was Re: What is the deal on missing "Authority Section" and "additional section" from google's DNS servers?
Barry Margolin
barmar at alum.mit.edu
Wed Jul 11 22:55:12 UTC 2012
In article <mailman.1317.1342033147.63724.bind-users at lists.isc.org>,
"Michael Hoskins (michoski)" <michoski at cisco.com> wrote:
> while it's largely personal preference -- i generally like to "be
> conservative in what i send, and liberal in what i accept":
>
> http://en.wikipedia.org/wiki/Robustness_principle
This doesn't refer to quantity, but to how strictly you should adhere to
the specification.
> it's not violating RFCs to send the full data so it's not technically
> "wrong". however, if sending back too much data is known to cause
> problems in some cases and can potentially be used against you...then it
> seems wise to take the minimal path.
As long as you stay under the traditional 500 byte limit, I think you're
being conservative enough. "Liberal" would be depending on EDNS0
extensions.
However, I think it's reasonable to adhere to the following policy:
Caching nameserver: minimal-responses yes. The clients of these are
primarily stub resolvers, which probably won't cache the additional
data, so it's a waste of bandwidth and could potentially cause problems.
Authoritative nameserver: minimal-responses no. The clients are almost
all caching nameservers, and they'll cache what they can.
--
Barry Margolin
Arlington, MA
More information about the bind-users
mailing list