This is something that has bugged me for a long time, and I'd love to see a good solution to.
If a record is requested from an authoritative server, where the zone exists, but the record does not exist, the negative response is cached for <minimum> period of time. If a record is requested from an authoritative server, where the zone does not exist, generally the response is REFUSED, but *this is not cached* by the requesting server. This results in a nearly continuous stream of retries, which continue to result in the same response.

Our authoritative servers see no less than 15%, and sometimes as much as 25% of our worldwide traffic as these non-authoritative responses.

There needs to be a means to signal to a recursive server that it should not requery a REFUSED response for a specified period of time. Given that these responses do not have ANSWER records to put a TTL on, return a (new) EDNS record?

Michael Sheldon
Dev-DNS Services
GoDaddy.com

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
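
The caching asymmetry described in the message above, as an added toy model that is not part of the original post and is not any real resolver's code. It counts how many queries reach the authoritative server when a client repeats one lookup every 10 seconds for an hour. The zone data, the 300-second minimum, the `refused_holddown` parameter (standing in for the signal the post asks for) and the single-server setup are assumptions made for illustration.

```python
# Toy model (constructed): one recursive resolver, one authoritative server.
from dataclasses import dataclass, field

@dataclass
class Authoritative:
    zones: dict                     # zone -> {"minimum": secs, "names": set of owner names}
    queries_seen: int = 0

    def query(self, name):
        self.queries_seen += 1
        for zone, data in self.zones.items():
            if name == zone or name.endswith("." + zone):
                if name in data["names"]:
                    return ("NOERROR", data["minimum"])  # simplification: record TTL = minimum
                return ("NXDOMAIN", data["minimum"])     # negative TTL taken from the SOA
        return ("REFUSED", None)    # zone not served here: no SOA, so nothing carries a TTL

@dataclass
class Recursive:
    auth: Authoritative
    refused_holddown: int = 0       # hypothetical hold-down; 0 models "REFUSED is not cached"
    cache: dict = field(default_factory=dict)   # name -> (rcode, expires_at)

    def resolve(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]           # answered from cache, authoritative never sees it
        rcode, ttl = self.auth.query(name)
        if rcode == "REFUSED":
            ttl = self.refused_holddown
        if ttl:                     # a TTL of 0 or None means the result is not stored
            self.cache[name] = (rcode, now + ttl)
        return rcode

def upstream_queries(name, holddown=0, duration=3600, interval=10):
    """Repeat a lookup for `name` every `interval` seconds; return authoritative query count."""
    auth = Authoritative({"example.com": {"minimum": 300, "names": {"www.example.com"}}})
    rec = Recursive(auth, refused_holddown=holddown)
    for now in range(0, duration, interval):
        rec.resolve(name, now)
    return auth.queries_seen

if __name__ == "__main__":
    print("NXDOMAIN, zone exists:     ", upstream_queries("missing.example.com"))
    print("REFUSED, not cached:       ", upstream_queries("www.example.net"))
    print("REFUSED, 300 s hold-down:  ", upstream_queries("www.example.net", holddown=300))
```

A real resolver would also retry other listed name servers and may apply its own lame-server heuristics, which this model leaves out.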