[93673] in North American Network Operators' Group
Re: DNS - connection limit (without any extra hardware)
daemon@ATHENA.MIT.EDU (Mark Andrews)
Mon Dec 11 20:55:11 2006
Date: Tue, 12 Dec 2006 12:54:16 +1100 (EST)
From: Mark Andrews <Mark_Andrews@isc.org>
To: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.64.0612111613480.26126@pants.snark.net>
Errors-To: owner-nanog@merit.edu
In article <Pine.LNX.4.64.0612111613480.26126@pants.snark.net> you write:
>
>On Mon, 11 Dec 2006, Simon Waters wrote:
>
>> Yes. Most of the root server traffic is answering queries with
>> "NXDOMAIN" for non-existent top level domains; if you slave root
>> on your recursive servers, your recursive servers can answer those
>> queries directly (from the 120KB root zone file), rather than
>> relying on negative caching, and a round trip to the root
>> servers, for every new non-existent domain.
>
>That would require configuring my caching server with authoritative
>zones, and it seems prevailing wisdom (at least with BIND
>configurations?) is to keep the peanut butter separate from the
>chocolate, no matter how great they taste together, to the best
>of my knowledge.
>
>matto
No. The wisdom is to not make your authoritative servers
caches. This is not the same as not making your caches
authoritative for certain zones. Just don't have the caches
listed in the NS RRsets. Note: You will need to configure
your master server(s) to notify the caches for the zones they
slave, as the automatic mechanisms won't discover them.
Mark
>--matt@snark.net------------------------------------------<darwin><
> Moral indignation is a technique to endow the idiot with dignity.
> - Marshall McLuhan
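The configuration Mark describes, written out as an added BIND 9 named.conf example (this is illustrative editor-supplied configuration, not from the post or from ISC). It assumes a hypothetical site master at 192.0.2.10 that slaves "." from a root-zone source at 192.0.2.1 (a placeholder; use whichever root server or distribution point permits AXFR), and two recursive caches at 192.0.2.53 and 192.0.2.54. Because the caches never appear in the root NS RRset, normal NOTIFY (which goes to the NS RRset) never reaches them, so the master lists them explicitly with also-notify; the caches keep recursion enabled and simply hold "." as a slave zone in place of the usual hint zone.

```conf
// --- On the site master (hypothetical 192.0.2.10) ---
// Slaves the root zone and pushes it to the recursive caches.
// Assumed addresses throughout are placeholders from 192.0.2.0/24.
zone "." {
    type slave;
    file "slave/root.db";
    masters { 192.0.2.1; };                     // root-zone AXFR source (placeholder)
    // The caches are not in the root NS RRset, so NOTIFY would never
    // discover them; name them explicitly (Mark's note).
    also-notify { 192.0.2.53; 192.0.2.54; };
    allow-transfer { 192.0.2.53; 192.0.2.54; };
};

// --- On each recursive cache (hypothetical 192.0.2.53 / .54) ---
// Still a cache: recursion stays on for the local clients.
options {
    recursion yes;
    allow-recursion { 192.0.2.0/24; };
};

// Replace the stock  zone "." { type hint; ... }  with a slave copy of
// the root zone. The cache now answers NXDOMAIN for bogus TLDs itself
// instead of asking a root server and relying on negative caching.
zone "." {
    type slave;
    file "slave/root.db";
    masters { 192.0.2.10; };                    // the site master above
    allow-transfer { none; };                   // nobody downstream of a cache
    notify no;                                  // the cache is not a published root server
};
```

To confirm it is working, query one of the caches for a name under a non-existent TLD (for example, dig @192.0.2.53 foo.invalid-tld-example. A) and check that the NXDOMAIN answer carries the aa flag and arrives without any outbound query to the root servers; dig @192.0.2.53 . SOA should show the same serial as the master. Keep the caches out of the root NS RRset and out of any public allow-transfer lists; the point of the arrangement is that nothing on the Internet ever treats them as root servers.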