I guess I should clarify; I'm not trying to "be kind to my DNS server" (although that's a nice side effect) so much as improve responsiveness for client machines. Assume my connectivity to the public DNS is slow, congested, lossy, etc. I want to reduce the several second delay on every address lookup due to misguided client software hoping for IPv6 reachability that isn't actually there.

>That's negative caching. The way it's done is specified in RFC 2308 and
>dnsmasq supports it. The crucial thing is that there needs to be an SOA
>record in the authority section of the reply in order for a negative
>cache entry to be generated. I've noticed that recently my ISP's
>nameservers have stopped including an NS section. They probably think
>doing that will reduce the load on their nameservers. Poor fools.

RFC 2308 says:

    A negative answer that resulted from a no data error (NODATA) should
    be cached such that it can be retrieved and returned in response to
    another query for the same <QNAME, QTYPE, QCLASS> that resulted in
    the cached negative response.

I don't think this is working for me in 2.22.

>I suspect that your ISP has done the same thing. Try running a query
>using "dig" for an unknown domain and see what you get: it should look
>like this:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4694
>but if it looks like this instead, that's the source of the problem.
>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25755

Does this help? [No, I don't see any NS records included.]

% dig www.nonxx.net in aaaa

; <<>> DiG 8.3 <<>> www.nonxx.net in aaaa
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31092
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      www.nonxx.net, type = AAAA, class = IN

;; AUTHORITY SECTION:
net.                    3H IN SOA       a.gtld-servers.net. nstld.verisign-grs.com. (
                                        1113256832      ; serial
                                        30M             ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        15M )           ; minimum

;; Total query time: 25 msec
;; FROM: me to SERVER: 206.13.28.12
;; WHEN: Mon Apr 11 15:01:10 2005
;; MSG SIZE sent: 31 rcvd: 104

% dig www.cnn.com in aaaa

; <<>> DiG 8.3 <<>> www.cnn.com in aaaa
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42213
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      www.cnn.com, type = AAAA, class = IN

;; ANSWER SECTION:
www.cnn.com.            2m14s IN CNAME  cnn.com.

;; AUTHORITY SECTION:
cnn.com.                8m50s IN SOA    bender.turner.com. hostmaster.tbsnames.turner.com. (
                                        2005040700      ; serial
                                        15M             ; refresh
                                        5M              ; retry
                                        1W              ; expiry
                                        15M )           ; minimum

;; Total query time: 16 msec
;; FROM: me to SERVER: 206.13.28.12
;; WHEN: Mon Apr 11 15:01:53 2005
;; MSG SIZE sent: 29 rcvd: 113

% dig cnn.com in aaaa

; <<>> DiG 8.3 <<>> cnn.com in aaaa
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51456
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      cnn.com, type = AAAA, class = IN

;; AUTHORITY SECTION:
cnn.com.                3m56s IN SOA    bender.turner.com. hostmaster.tbsnames.turner.com. (
                                        2005040700      ; serial
                                        15M             ; refresh
                                        5M              ; retry
                                        1W              ; expiry
                                        15M )           ; minimum

;; Total query time: 16 msec
;; FROM: me to SERVER: 206.13.28.12
;; WHEN: Mon Apr 11 15:02:09 2005
;; MSG SIZE sent: 25 rcvd: 95

It shouldn't be hard to duplicate my tests.

To recap, there are now three open issues:

1) Is negative caching functioning as expected? [For AAAA queries when
   dnsmasq has been compiled with -DNO_IPV6]

2) Is cached NXDOMAIN information being used to its full extent?

3) Is it practical to--as an option--intercept IPv6 address lookups as
   previously described?

-=EPS=-
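
The RFC 2308 rule discussed in this message, as an added example (not part of the original post and not dnsmasq's code): a reply is classified as NXDOMAIN or NODATA, and it is negatively cacheable only if the authority section carries an SOA, with a TTL of min(SOA TTL, SOA MINIMUM). The function names are hypothetical, and the sample replies are constructed using the TTL and minimum values shown in the dig output above.

```python
import struct

SOA, CNAME, AAAA = 6, 5, 28

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # a compression pointer ends the name
            return off + 2
        off += 1 + n

def negative_cache_ttl(msg):
    """Return (kind, ttl); ttl is None when the reply has no SOA to cache against."""
    _id, flags, qd, an, ns, _ar = struct.unpack_from("!6H", msg, 0)
    rcode, off = flags & 0xF, 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    data_answers, ttl = 0, None
    for i in range(an + ns):
        off = skip_name(msg, off)
        rtype, _cls, rr_ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if i < an and rtype != CNAME:  # simplification: a CNAME alone is not data
            data_answers += 1
        if i >= an and rtype == SOA and ttl is None:
            (minimum,) = struct.unpack_from("!I", msg, off + rdlen - 4)  # last SOA field
            ttl = min(rr_ttl, minimum)  # negative TTL rule from RFC 2308
        off += rdlen
    if rcode == 3:
        return ("NXDOMAIN", ttl)
    if rcode == 0 and data_answers == 0:
        return ("NODATA", ttl)
    return ("POSITIVE", None)

def name(s):
    """Encode a dotted name as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".") if l) + b"\0"

def build_reply(rcode, qname, soa_owner=None, soa_ttl=0, minimum=0):
    """Constructed AAAA reply, empty answer section, optional SOA (placeholder MNAME/RNAME)."""
    msg = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, 0, 1 if soa_owner else 0, 0)
    msg += name(qname) + struct.pack("!HH", AAAA, 1)
    if soa_owner:
        rdata = name("ns.invalid") + name("hostmaster.invalid")
        rdata += struct.pack("!5I", 1, 1800, 900, 604800, minimum)
        msg += name(soa_owner) + struct.pack("!HHIH", SOA, 1, soa_ttl, len(rdata)) + rdata
    return msg
```

A reply that returns a ttl of None is the case the quoted text describes: with no SOA in the authority section there is nothing to derive a negative TTL from, so every repeat AAAA lookup goes upstream again.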