Negative caching
Brad Knowles
brad.knowles at skynet.be
Thu Sep 27 22:45:40 UTC 2001
At 11:05 AM -0700 9/27/01, Nate Campi wrote:
> An alternative would be to restrict queries with 'allow-query'
> directives in your named.conf to only allow queries for zones for which
> you are authoritative. More work, but you can still allow queries from
> any internal resolvers that need to use your nameserver, so no loss in
> functionality.
Even with "allow-query" set, you can still get overloaded by
people asking you for zones you do not host, but which are delegated
to you. This primarily comes from misconfigured nameservers. The
solution is to configure yourself to be authoritative for your own
version of the zone in question, and point it to your own servers.
--
Brad Knowles, <brad.knowles at skynet.be>
H4sICIFgXzsCA2RtYS1zaWcAPVHLbsMwDDvXX0H0kkvbfxiwVw8FCmzAzqqj1F4dy7CdBfn7
Kc6wmyGRFEnvvxiWQoCvqI7RSWTcfGXQNqCUAnfIU+AT8OZ/GCNjRVlH0bKpguJkxiITZqes
MxwpSucyDJzXxQEUe/ihgXqJXUXwD9ajB6NHonLmNrUSK9nacHQnH097szO74xFXqtlbT3il
wMsBz5cnfCR5cEmci0Rj9u/jqBbPeES1I4PeFBXPUIT1XDSOuutFXylzrQvGyboWstCoQZyP
dxX4dLx0eauFe1x9puhoi0Ao1omEJo+BZ6XLVNaVpWiKekxN0VK2VMpmAy+Bk7ZV4SO+p1L/
uErNRS/qH2iFU+iNOtbcmVt9N16lfF7tLv9FXNj8AiyNcOi1AQAA
More information about the bind-users
mailing list