[dns-operations] *.de kicked out of service due to NXDOMAIN

Joe Abley jabley at hopcount.ca
Fri Nov 13 15:56:39 UTC 2009


On 2009-11-13, at 07:43, Patrick W. Gilmore wrote:

> Is it disallowed by standard?

Since a name error means "there is no such name for any RR" it seems weird to record that as "well, there's no such name for A, but maybe there will be one for AAAA since the server could be having a bad day, let's keep our minds open".

[Since 1034 and 1035 pre-date 2119 and consequently is bereft of clear normative keywords, it's often not clear cut as to whether anything in particular is disallowed.]

I appreciate this mode of operation might have helped with DE's problems (although conversely it could also have hindered troubleshooting if there was widespread deployment of unbound).

There are many cases where it's really preferable for negative caching to work as intended, though, e.g. from the perspective of a busy authority-only server which is getting hammered by unnecessary, repeated queries for the same non-existent name.


Joe


More information about the dns-operations mailing list