auth-nxdomain yes
Kevin Darcy
kcd at daimlerchrysler.com
Thu Jun 17 00:12:04 UTC 2004
Ladislav Vobr wrote:
>>If the client is using the gethostbyname() interface, or something like
>>it, then it shouldn't make any difference, since the flag values are not
>>accessible through that interface. If an app running on the client is
>>using the resolver library directly, then it might care whether AA is
>>set or not; that would depend on how the application is written...
>>
>>
>
>hmm, so if that remote application is bind (forwarding to me), seting
>'auth-nxdomain yes' might help, isn't it? The remote forwarding bind
>might start caching the nxdomain with the aa bit, which could have been
>ignored by this remote caching bind previously due to the absence of aa
>bit in the nxdomain response, thus decreasing the number of requests
>sent to me(caching server):-).
>
I don't think BIND has cared whether the AA bit is set on received
NXDOMAIN responses for a very long time. In fact, I'm not sure BIND 8
*ever* cared. Maybe BIND 4 cared.
Of course, you can easily test your theory. Just query the downstream
server right after sending it a non-AA NXDOMAIN response and see if it
still has the negative caching record.
- Kevin
More information about the bind-users
mailing list