Future of BIND's built-in empty zone list

Rob Foehl rwf at loonybin.net
Thu May 14 21:13:59 UTC 2015


On Thu, 14 May 2015, Chris Thompson wrote:

> Now that RFCs 7[5]34 & 7[5]35 have been published, how do ISC see the future
> of the seemingly ever-expanding built-in empty zone list in BIND?
>
> One possibility that seems plausible to me is to add EMPTY.AS112.ARPA
> to the list now, and remove existing entries if and when the corresponding
> names in the public DNS acquire DNAMEs pointing to that (hopefully ones
> with large TTLs).

Adding empty.as112.arpa to the list seems like a good idea, but removing 
the existing empty zones does not -- they also prevent leaking internal 
queries, which is both more noise for the root/IANA/AS112 infrastructure 
to sink and a potential privacy concern.

There's also the minor benefit of fast responses from local resolvers, 
which still matters for determinism in the initial query.  From where I 
sit, the nearest blackhole.as112.arpa is 90+ms and an ocean away (v4 or 
v6), and the existing AS112 nodes aren't much better.

What would be gained by shrinking the number of empty zones?  The only 
thing that comes to mind is that it'd make life marginally easier for 
those who run cache hierarchies and override some of those zones at the 
top level, but there's already an option for that and I'm definitely 
grasping at straws here...

-Rob

