Grant Taylor via bind-users <> wrote:
> On 11/13/21 7:29 AM, Tony Finch wrote:
> > You should make sure that your public nameservers return a definite nodata
> > or NXDOMAIN reply for your private names, not REFUSED, nor a referral to an
> > RFC 1918 address. The latter two will cause resolvers to retry, and the
> > retries can become a large proportion of your total authoritative query
> > traffic.
> Please elaborate on the mechanics behind returning a ""private IP
> causing resolvers to retry?  Is it the resolvers rejecting the ""private
> IP and retrying?

Yes, because they get a referral to nameservers that don't respond or that
respond incorrectly.

f.anthony.n.finch  <>
Forties: East or southeast, veering south later, 4 to 6. Moderate. Fog
patches at first. Moderate or good, occasionally very poor at first.

Please visit to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at for more information.

bind-users mailing list

Reply via email to