[dns-operations] Root-servers returning TC=1 after 5 NXDOMAINS
🔒 Roy Arends
roy at dnss.ec
Tue Feb 10 12:44:40 UTC 2015
> On 10 Feb 2015, at 12:40, bert hubert <bert.hubert at netherlabs.nl> wrote:
>
> On Tue, Feb 10, 2015 at 11:34:35AM +0000, ? Roy Arends wrote:
>>> We've since tried to curtail our queries to the root severly, but we still
>>> get TC=1 responses a lot, which slows down our resolution.
>>
>> Have you thought about running a local copy of the root zone?
>
> More frequently now, yes. But I wonder if that is the intention. Is there an
> official policy on root-servers that allow AXFR yet?
Not sure if there is.
> Can one count on this
> working?
Not sure on that either.
I fetch my local copy here: ftp://rs.internic.net/domain/root.zone
Has been working for years.
>
>>> We shared our concerns with ISC, but it might be good to have a broader
>>> discussion on if it makes sense to set the bar so very low.
>>
>> It doesn’t make sense to set the bar low on a single instance. What might
>> happen is that due to some server selection algorithm, this server gets a
>> penalty and the resolver flocks to other root-servers.
>
> The penalty of TCP/IP by the way is so slight this does not change
> nameserver selection in my case. If you'd count the cost of the original
> query PLUS the TC=1 redirect, it might matter a bit more.
Ack.
Roy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150210/a39c3465/attachment.sig>
More information about the dns-operations
mailing list