Re: DNS-cache with custom gTLDs

Wed, 21 Sep 2011 06:02:23 -0700 

2011/9/20 Drunkard Zhang <gongfan...@gmail.com>:

I got 4 DNSs doing recursive resolution, which splited into 2 groups,
and a couple of dns caches. Each group of recursion DNS using their
own net link, which is different.

Here's problem: I want a dns-cache to use one group of recursion DNS
as their forwarders, and use another group as backup. ( I have to,
because 2 groups of recursion DNS get different results, and sometimes
one of them can't resolves, while another can. ) All solution I can
find out is "forward first" to one group, and use all 2 groups as
gTLDs, is this __safe__?


On 21.09.11 19:33, Drunkard Zhang wrote:

This is not working... I did some test, and if dns-cache got a
NXDomain response, it won't go any far. Is it intended? or I missed
something? I'm using 9.7.3-P3. Here's my configuration on dns-cache.
It IS indented. The NXDOMAIN means that the requested name does not exist. It is a correct DNS answer and DNS client should not search any further.
If there is a domain name for which some servers return an positive answer, and some negative one, then there is something broken with that domain. 


Another problem: there's a lot of resolution on dns-cache querying
a.root-servers.net, is it safe that i hijack a.root-servers.net to my
own DNS?
I think you should not hijack others' DNS requests. Blocking them would be much more correct. Note that there are more root servers than just a.root-servers.net - if someone queries this one server, something is apparently broken at their side. 


When I query a name, the dns-cache queries forwarders for gTLDs
instead of using local hint file, why?
local "hint" file? I'm not sure what you mean here. 
And the dns-cache does not
trust forwarder returned result when set "forward first", is it
possible to fake it?


Why do you think it does not trust what forwarder returned?

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm. _______________________________________________ 
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to