[dns-operations] The (very) uneven distribution of DNS root servers on the Internet

Paul Hoffman phoffman at proper.com
Thu May 17 00:40:03 UTC 2012


On May 16, 2012, at 5:17 PM, Wessels, Duane wrote:

> 
> On May 16, 2012, at 5:07 PM, Paul Hoffman wrote:
> 
>> This fills their cache, well within the TTL of any of the TLDs.
>> 
>> Doesn't that solve the problem?
> 
> There is a fair amount of NXDOMAIN to the roots, of course.

Of course. Are the ISP's customers noticeably affected by longer lag times due to bad connectivity for bad requests to the root? I thought that those requests didn't have material effect on the users, but I could be wrong. Even if that is true, then a second program, run every 5(?) minutes, could fill the negative cache with the 10 most common NXDOMAINs.

> But also, some implementations (particularly BIND) won't use the cache
> when name server A/AAAA records expire.  When those records expire the
> iteration starts at the root again.  A way to prevent cache poisoning I
> believe.

Ah, right. So the program needs to be a bit longer than two lines. :-) I strongly suspect a program that keeps a cache full even with rules such as that is less than 50 lines and ten hours' worth of writing and testing.

--Paul Hoffman

