On May 16, 2012, at 5:17 PM, Wessels, Duane wrote:

> 
> On May 16, 2012, at 5:07 PM, Paul Hoffman wrote:
> 
>> This fills their cache, well within the TTL of any of the TLDs.
>> 
>> Doesn't that solve the problem?
> 
> There is a fair amount of NXDOMAIN to the roots, of course.

Of course. Are the ISP's customers noticeably affected by longer lag times due 
to bad connectivity for bad requests to the root? I thought that those requests 
didn't have material effect on the users, but I could be wrong. Even if that is 
true, then a second program, run every 5(?) minutes, could fill the negative 
cache with the 10 most common NXDOMAINs.

> But also, some implementations (particularly BIND) won't use the cache
> when name server A/AAAA records expire.  When those records expire the
> iteration starts at the root again.  A way to prevent cache poisoning I
> believe.

Ah, right. So the program needs to be a bit longer than two lines. :-) I 
strongly suspect a program that keeps a cache full even with rules such as that 
is less than 50 lines and ten hours worth of writing and testing.

--Paul Hoffman
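As an added example (my own code, not anything written by the thread's participants), the kind of cache-keeping program Paul sketches, in Python: it re-queries each TLD's NS set and the nameservers' A/AAAA records shortly before they expire, so a BIND-style resolver never has to restart iteration at the root, and it also primes the negative cache with a list of common NXDOMAIN names. The resolver query callback, the 60-second refresh margin and all sample answers are assumptions or constructed data.

```python
REFRESH_MARGIN = 60   # seconds before expiry at which we re-query (assumed value)

class CacheWarmer:
    """Keeps a resolver's TLD delegations (and a negative cache of common NXDOMAINs)
    warm. query(name, rtype) asks the local resolver, returns (rdata_list, ttl_secs)."""
    def __init__(self, query, tlds, nxdomains=()):
        self.query, self.tlds, self.nxdomains = query, list(tlds), list(nxdomains)
        self.expires = {}   # (name, rtype) -> absolute expiry time of the cached answer

    def _ask(self, name, rtype, now):
        rdata, ttl = self.query(name, rtype)
        self.expires[(name, rtype)] = now + ttl
        return rdata

    def warm_tld(self, tld, now):
        # Refresh the NS set and every nameserver's A/AAAA, so a resolver that
        # restarts iteration at the root once NS addresses expire never needs to.
        for ns in self._ask(tld, "NS", now):
            for rtype in ("A", "AAAA"):
                self._ask(ns, rtype, now)

    def due(self, now):
        return [k for k, exp in self.expires.items() if exp - now <= REFRESH_MARGIN]

    def run_once(self, now):
        """One scheduler pass (run every few minutes); returns queries issued."""
        if not self.expires:                        # cold start: warm everything
            for tld in self.tlds:
                self.warm_tld(tld, now)
            for name in self.nxdomains:             # prime the negative cache too
                self._ask(name, "A", now)
            return len(self.expires)
        todo = self.due(now)
        for name, rtype in todo:
            if rtype == "NS":
                self.warm_tld(name, now)            # NS set may have changed: re-learn glue
            else:
                self._ask(name, rtype, now)
        return len(todo)

# Constructed sample answers standing in for the local resolver (not real data).
SAMPLE = {
    ("test.", "NS"): (["ns.tld.test."], 172800),
    ("ns.tld.test.", "A"): (["192.0.2.1"], 172800),
    ("ns.tld.test.", "AAAA"): (["2001:db8::1"], 300),  # short TTL to show a refresh
    ("nosuch.test.", "A"): ([], 3600),                 # NXDOMAIN: no rdata, negative TTL
}
QUERY_LOG = []   # every query the warmer issued, for inspection
def stub_query(name, rtype):
    QUERY_LOG.append((name, rtype))
    return SAMPLE[(name, rtype)]
```

In a real deployment, `stub_query` would be replaced by a function wrapping `dig` or a DNS library against the local resolver, and `run_once(time.time())` would run from cron.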
_______________________________________________
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs