Paul Vixie <p...@redbarn.org> wrote:
>
> the reason i use SERVFAIL for NOTAUTH is because what i want the initiator to
> do when i'm configured as primary but can't read my zone file, or am
> configured as secondary but can't write my zone file, is the same as what i
> want when i'm not configured for the zone: cache this failure under a
> hold-down timer so as not to melt the tubez, but do try again later in case
> i'm merely late to change my config, or flubbed my config in some way.

I'm interested in this discussion. Recently I changed private.cam.ac.uk so
that queries from off-campus get NXDOMAIN instead of REFUSED. This had the
unanticipated effect of halving the query load on our authoritative servers.
Not really surprising except perhaps for the size of the effect.

I've had a skim through BIND's resolver code to see how the lame server
cache works. It's, um, not simple :-) but as far as I can see, both SERVFAIL
and REFUSED responses get the server put in the lame cache. (BIND's servfail
cache is different - that's for failures of this server itself, not the
servers it is sending queries to.)

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode
Fisher, German Bight: Northwest backing south 4 or 5, veering southwest 5 to
7 later. Moderate, occasionally rough. Showers. Moderate or good.