jo...@hasig.de <jo...@hasig.de> wrote: > Am 24.06.2018 um 23:41 schrieb Barry Margolin: > > jo...@hasig.de wrote: > > > > > > why dont you just delete the zones? > > > > That won't stop the queries from coming to the server. > > yes, but it minimizes the use of resources because the only answer is > nxdomain.
If you delete the zones, the nameserver will return REFUSED not NXDOMAIN, and the resolver that is making the query will retry. We used to refuse external queries for private.cam.ac.uk, but for reasons related to X.509 CAA checks we now use views to return NXDOMAIN instead. This change unexpectedly reduced the query load on our authoritative servers by half. (Obvious in retrospect, but...) I suggest empty place-holder zones with long TTLs, possibly with a www entry pointing to a page saying the account has been closed. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ oppose all forms of entrenched privilege and inequality _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
