In message <[email protected]>, "Wessels, Duane " writes: > > On May 16, 2012, at 5:07 PM, Paul Hoffman wrote: > > > This fills their cache, well within the TTL of any of the TLDs. > > > > Doesn't that solve the problem? > > There is a fair amount of NXDOMAIN to the roots, of course. > > But also, some implementations (particularly BIND) won't use the cache > when name server A/AAAA records expire. When those records expire the > iteration starts at the root again. A way to prevent cache poisoning I > believe.
Named doesn't start from the root. It don't refresh the TTL of A/AAAA/NS records learnt as a side effect of another query. Queries start from the closest parent zone with address records for the nameservers. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
