On 11.09.14 21:51, Colm MacCárthaigh wrote:
> For example if a provider booted a box with an empty configuration, it
> would be much better to timeout queries than respond with SERVFAIL or
> REFUSED.

The protocol expects a response from the server. If no response, the
server is considered down. Some of the proposed ways to fix recent DDoS
involve temporarily suspending queries to servers that do not respond
(in time). This is what will happen to your authoritative server, if you
configure it to exhibit such behavior.

What you intend to do is probably best served by a "connection refused"
response.

Daniel
_______________________________________________
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs