Peter Dambier wrote: > Hi Arjun, > > I did it and Im glad it is nolonger automatically done. > > When I had a break in connectivity for a couple of minutes, > my resolver replied NXDOMAIN for everything and it would > not heal itself for more that an hour. > > It would not work again until I stopped and restarted the > nameserver. When that happened more than once day I was > glad somebody told me how to switch it off with bind 8. > > "auth-nxdomain yes" will cache permanently domains that were > missing once. > Thanks for the reply. I looked into the "auth-nxdomain yes" but could not find any info on how it would enable caching for SERVFAIL. I have caching enabled for negative responses, but it only authorized NXDOMAIN responses and not SERVFAILs.
You make a good point though, caching SERVFAIL responses will lead to undesired behavior when there is a break in connectivity. Thanks, Arjun
