Removing root zone hints for authoritative nameservers
bind at wsanders.net
Fri Feb 17 21:54:25 UTC 2006
Thanks to all who replied to my query. I'm not going to remove the
root zone hints just yet, they are cached and don't really hurt
performance that much.
What's interesting is that I enabled zone-statistics and I'm having
fun looking at the data. I've found that I am sending "referral
responses" for reverse zones I *am* authoritative for, and for a valid
reason - "classless" reverse delegation. These zones are somewhat
oddly configured, with an NS record assigned to each of the individual
IPs in the class-C. For example:
$ dig 126.96.36.199.in-addr.arpa any
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 183
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;188.8.131.52.in-addr.arpa. IN ANY
;; ANSWER SECTION:
184.108.40.206.in-addr.arpa. 1172 IN NS ns1.speedhost.com.
;; ADDITIONAL SECTION:
ns1.speedhost.com. 83964 IN A 220.127.116.11
$ dig +trace 18.104.22.168.in-addr.arpa any
[. query deleted, yadda yadda yadda]
[66.in-addr.arpa. query deleted, yadda yadda yadda]
164.7.66.in-addr.arpa. 86400 IN NS ns2.yipes.com.
164.7.66.in-addr.arpa. 86400 IN NS ns1.yipes.com.
;; Received 88 bytes from 22.214.171.124#53(chia.ARIN.NET) in 86 ms
126.96.36.199.in-addr.arpa. 3600 IN NS ns1.speedhost.com.
;; Received 74 bytes from 188.8.131.52#53(ns2.yipes.com) in 36 ms
184.108.40.206.in-addr.arpa. 86400 IN PTR yipesgw.speedhost.com.
164.7.66.in-addr.arpa. 86400 IN NS ns2.speedhost.com.
164.7.66.in-addr.arpa. 86400 IN NS ns3.speedhost.com.
164.7.66.in-addr.arpa. 86400 IN NS ns.speedhost.com.
;; Received 179 bytes from 220.127.116.11#53(ns1.speedhost.com) in 53 ms
Removing the root zone hints wouldn't affect this, I just wanted to
post this to show there was a valid reason for authoritative only
servers to return referral responses.
More information about the bind-users