Happy holidays from ISC!
ISC is fortunate to have staff members in so many different countries around the world: our software development benefits from all the different perspectives - and we benefit personally!
Read postAPNIC has generously offered to sponsor addition of aggressive negative caching, or NSEC Aggressive Use in BIND 9.12.0. They have explained the reasons for supporting this in an APNIC blog posting.
Earlier research by Geoff Huston, Researcher at APNIC, into the volume of root zone queries had identified that the majority of queries to the root zone were for non-existent domains (NXDOMAIN responses). These queries are unnecessary because a busy resolver already has enough prior negative responses to interpolate these additional negative responses. For example, if the resolver already has a definitive prior response in cache that no zones exist between “.abba” and “.acme”, then it is unnecessary to query for “.abcd”.
The benefits of aggressive negative caching are:
BIND 9.12.0 will synthesize negative answers from cached NXDOMAIN, NODATA, and wildcard responses supplied with NSEC records. The 9.12.0 alpha release is available now, supporting synthesis from NXDOMAIN responses only. The 9.12.0 beta release will add support for synthesizing replies based on NODATA and wildcard responses.
What's New from ISC