[dns-operations] should recursors think there are only delegation data in tld name servers?
Peter Koch
pk at DENIC.DE
Wed Mar 26 14:13:56 UTC 2014
On Wed, Mar 26, 2014 at 08:22:03PM +0800, ?????? wrote:
> this case, the recursor does not know whether there are other domain names
> related to test.tld, like b.a.test.tld, b.test.cn and c.b.test.cn, so that
> next time it should query the tld again when it receives queries for such
> domain names. Consequently, if a DDoS flood of random third-level domain
> names hits the recursors, the flood will also be redirected to the tld the
> domain names belong to.
this sounds like an attempt to extend the resolver's negative caching
in a way that sometimes has been called "aggressive negative caching".
> I want to know whether there are other types of data except delegation data.
DE definitely has authoritative data in the TLD zone itself, at the second
and deeper levels, including "empty non terminals". For a remotely
related discussion, you may want to look for "delegation only" in the
BIND archives.
> If there are only delegation data in tld some servers, the recursors
> should send less unnecessary queries to tld servers when they receive a large
> number of queries for random third-level domain names. As a result, the tld
> servers escape from the disasters.
While that's a laudable goal, basing the resolvers' behaviour on assumptions
made about particular zones in the tree makes me a bit nervous. In your example
above, you could ask for the delegation for "test.cn" explicitly, but that's
already a questionable deviation from protocol reality (Stephane's draft
"draft-bortzmeyer-dns-qname-minimisation-01.txt" notwithstanding).
-Peter
--
Peter Koch | | pk at DENIC.DE
DENIC eG | | +49 69 27235-0
Kaiserstraße 75-77 | |
60329 Frankfurt am Main | | http://www.DENIC.DE
-------------------------------------------------------------------------
Registered No. 770 in the Register of Cooperatives, Amtsgericht Frankfurt am Main
Executive Board: Helga Krüger, Carsten Schiefner, Dr. Jörg Schweiger
Chairman of the Supervisory Board: Thomas Keller
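
Added example, not part of the original message or of any resolver's code: a small Python simulation of the trade-off discussed above. The zone contents, names and the `assume_delegation_only` switch are constructed for illustration; it compares how many queries reach the TLD during a random-name flood, and what happens to a name the TLD serves authoritatively below an empty non-terminal.

```python
# Constructed toy zone for a TLD "tld": two delegations, plus authoritative
# data below empty non-terminals (names that exist but own no records).
DELEGATIONS = {"test.tld", "example.tld"}
AUTH_DATA = {"www.portal.svc.tld": "192.0.2.10"}
EMPTY_NON_TERMINALS = {"svc.tld", "portal.svc.tld"}

class TldServer:
    def __init__(self):
        self.queries = 0

    def query(self, qname):
        self.queries += 1
        sld = ".".join(qname.split(".")[-2:])   # toy zone: cuts only at level 2
        if sld in DELEGATIONS:
            return ("REFERRAL", sld)
        if qname in AUTH_DATA:
            return ("ANSWER", AUTH_DATA[qname])
        return ("NODATA" if qname in EMPTY_NON_TERMINALS else "NXDOMAIN", qname)

class Resolver:
    def __init__(self, tld, assume_delegation_only):
        self.tld, self.assume = tld, assume_delegation_only
        self.cuts, self.neg, self.dead_subtrees = set(), {}, set()

    def resolve(self, qname):
        sld = ".".join(qname.split(".")[-2:])
        if sld in self.cuts:
            return ("REFERRAL", sld)            # cached zone cut: TLD not asked
        if sld in self.dead_subtrees:
            return ("NXDOMAIN", qname)          # synthesized: TLD not asked
        if qname in self.neg:
            return self.neg[qname]              # ordinary per-name negative cache
        kind, data = self.tld.query(sld if self.assume else qname)
        if kind == "REFERRAL":
            self.cuts.add(data)
        elif self.assume:                       # "no delegation, so nothing below"
            self.dead_subtrees.add(sld)
            return ("NXDOMAIN", qname)
        elif kind != "ANSWER":
            self.neg[qname] = (kind, data)
        return (kind, data)

def flood(assume_delegation_only, n=1000):
    """Random names under a nonexistent SLD, then one real name in the TLD zone."""
    tld = TldServer()
    r = Resolver(tld, assume_delegation_only)
    for i in range(n):
        r.resolve(f"rnd{i}.b.nosuch.tld")
    return tld.queries, r.resolve("www.portal.svc.tld")
```

Without the assumption every random name is a cache miss that reaches the TLD; with it the flood costs one query, but the name under the empty non-terminal "svc.tld" is wrongly reported as nonexistent.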