[dns-operations] Root-servers returning TC=1 after 5 NXDOMAINS

🔒 Roy Arends roy at dnss.ec
Tue Feb 10 12:44:40 UTC 2015


> On 10 Feb 2015, at 12:40, bert hubert <bert.hubert at netherlabs.nl> wrote:
> 
> On Tue, Feb 10, 2015 at 11:34:35AM +0000, ? Roy Arends wrote:
>>> We've since tried to curtail our queries to the root severly, but we still
>>> get TC=1 responses a lot, which slows down our resolution.
>> 
>> Have you thought about running a local copy of the root zone?
> 
> More frequently now, yes. But I wonder if that is the intention. Is there an
> official policy on root-servers that allow AXFR yet?

Not sure if there is.

> Can one count on this
> working?

Not sure on that either.

I fetch my local copy here: ftp://rs.internic.net/domain/root.zone

Has been working for years.

> 
>>> We shared our concerns with ISC, but it might be good to have a broader
>>> discussion on if it makes sense to set the bar so very low.
>> 
>> It doesn’t make sense to set the bar low on a single instance. What might
>> happen is that due to some server selection algorithm, this server gets a
>> penalty and the resolver flocks to other root-servers.
> 
> The penalty of TCP/IP by the way is so slight this does not change
> nameserver selection in my case. If you'd count the cost of the original
> query PLUS the TC=1 redirect, it might matter a bit more.

Ack.

Roy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150210/a39c3465/attachment.sig>


More information about the dns-operations mailing list