negative cache problem

[Barry Margolin]

In article <9336tl$afv at pub3.rc.vix.com>,  <atom at suspicious.org> wrote:
>isp1.com provides service to isp2.com
>
>isp2.com registers domains that it hosts with name servers:
>dns.isp2.com
>dns.isp1.com
>
>isp2.com is run by a mad-man that has a hard time keeping track of what
>he's hosting, making maintanence of his domains in dns.isp1.com nearly
>impossible to keep track of.
>
>problem is... when dns.isp1.com looks up a name that's hosted by
>isp2.com, it 'asks' the root-name-servers, and one of the authoritative
>answers it receives is itself... since it dosen't know, it creates a
>negative-cache for that domain.
>
>is there any way to solve this without scripting, or creating entries
>for all domains hosted by isp2.com????
>
>is there a way that BIND can see that one of the name servers for the
>domain is itself, then ask the OTHER name server, and cache that answer?

BIND can do that.  The reason it doesn't is because the queries that come
to the authoritative servers normally don't have the "Recursion Desired"
flag set.  Since the client specifically said *not* to perform a recursive
query, it doesn't.

When the server gets a query like this, and it doesn't have the answer in
its cache, it returns a "Server Failed" status code to the client.  The
client should then try one of the other nameservers itself.

I assume you're ISP1, so why are you concerned about this?  If ISP2 can't
do their job properly, that's not your problem (well, I guess if he goes
out of business because of his ineptness, you lose a paying customer, so
you do have an interest in his success).

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.