Preventing a particular type of nameserver abuse
Tony Finch
dot at dotat.at
Tue Apr 13 10:40:25 UTC 2021
Anand Buddhdev <anandb at ripe.net> wrote:
>
> A legitimate client, following a normal chain of referrals, has *no*
> reason to query a server for zones it is not authoritative for.
That's true for cases like .sl and other domains whose delegations are set
up correctly, but if a server is accidentally lame then it's helpful to
return REFUSED so that resolvers don't have to wait for a timeout before
trying other servers. A quick REFUSED will also avoid messing up the
resolver's per-server statistics that might interfere with queries for
authoritative zones.
Tony.
--
f.anthony.n.finch <dot at dotat.at> https://dotat.at/
Southwest Fitzroy: Southeasterly 5 to 7, becoming variable 2 to 4 at
times in south. Moderate or rough, occasionally slight in south.
Thundery showers, fog patches. Moderate, occasionally very poor.
More information about the bind-users
mailing list