Stopping name server abuse
Barry Margolin
barmar at alum.mit.edu
Mon Jun 25 15:37:19 UTC 2018
In article <mailman.82.1529939079.803.bind-users at lists.isc.org>,
Paul Kosinski <bind at iment.com> wrote:
> How does *not* responding to a UDP query take longer for the *server*
> than responding to UDP a query? Both responding and (deliberately) not
> responding require identifying the query, but not responding bypasses
> the time the server would need to construct the response, plus time
> spent in the network stack. (I'm assuming we don't care about client
> side "expense".)
If there's no response, the client retries several times. It will try
all the servers that the zone is delegated to, so you'll put more load
on multiple servers.
NXDOMAIN responses are cached, it's one hit and then nothing for a while.
--
Barry Margolin
Arlington, MA
More information about the bind-users
mailing list