On Wed, Mar 26, 2014 at 08:22:03PM +0800, ?????? wrote: > this case, the recusor does not know whether there are other domain names > related to test.tld, like b.a.test.tld, b.test.cn and c.b.test.cn, so that > next time it should query the tld again when it receives queries for such > domain names. Consequencely, If a ddos flood of random third-level domain > names hits the recusors, the flood also be redirected to the the tld the > domain names belong to.
this sounds like an attempt to extend the resolver's negative caching in a way that sometimes has been called "aggressive negative caching". > I want to know whether there other types of data except delegation data. DE definitely has authoritative data in the TLD zone itself, at the second and deeper levels, including "empty non terminals". For a remotely related discussion, you may want to look for "delegation only" in the BIND archives. > If there are only delegation data in tld some servers , the recursors > should send less unnessary queries to tld servers when they receive a large > of queries for a random third-level domain names. As a result, the tld > servers escape from the disasters. While that's a laudable goal, basing the resolvers' behaviour on assumptions made about particular zones in the tree makes me a bit nervous. In your example above, you could ask for the delegation for "test.cn" explicitly, but that's already a questionable deviation from protocol reality (Stephane's draft "draft-bortzmeyer-dns-qname-minimisation-01.txt" nonwithstanding). -Peter -- Peter Koch | | [email protected] DENIC eG | | +49 69 27235-0 Kaiserstraße 75-77 | | 60329 Frankfurt am Main | | http://www.DENIC.DE ------------------------------------------------------------------------- Eingetr. Nr. 770 im Genossenschaftsregister Amtsgericht Frankfurt am Main Vorstand: Helga Krüger, Carsten Schiefner, Dr. Jörg Schweiger Vorsitzender des Aufsichtsrats: Thomas Keller _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
