[dns-operations] Getting rid of ISP's recursive DNS servers?(Was: Eircom "DNS Attacks" ?

Suzanne Woolf woolf at isc.org
Mon Jul 20 18:36:08 UTC 2009

On Mon, Jul 20, 2009 at 08:32:08PM +0200, Barber, Piet wrote:
> > The current root load consists mostly (90+%) of queries for which
> > NXDOMAIN is the offered answer. Some clients do negative caching
> > properly, some don't, so it's hard to quantify the benefit.
> I would like to correct a minor point here: 
> Doing an analysis of the inbound DNS queries to our root server, I would
> agree that 90% of them are useless and never should have gotten to the
> root server in the first place.   However, of that 90% of useless
> queries, not all of them result in an NXDOMAIN response from the root
> server.  At this very moment, A.root-servers.net is answering about 1 in
> every 4 queries with an NXDOMAIN response, (instead of 9 in 10).   

Thanks for the clarification Piet, I meant to make the same
distinction and inadvertently edited it out.

More information about the dns-operations mailing list