DNS-cache with custom gTLDs

Matus UHLAR - fantomas uhlar at fantomas.sk
Wed Sep 21 12:48:15 UTC 2011


>2011/9/20 Drunkard Zhang <gongfan193 at gmail.com>:
>> I got 4 DNSs doing recursive resolution, which are split into 2 groups,
>> and a couple of dns caches. Each group of recursion DNS is using its
>> own net link, which is different.
>>
>> Here's the problem: I want a dns-cache to use one group of recursion DNS
>> as their forwarders, and use another group as backup. ( I have to,
>> because 2 groups of recursion DNS get different results, and sometimes
>> one of them can't resolve, while another can. ) The only solution I can
>> find is "forward first" to one group, and use all 2 groups as
>> gTLDs, is this __safe__?

On 21.09.11 19:33, Drunkard Zhang wrote:
>This is not working... I did some tests, and if dns-cache got a
>NXDomain response, it won't go any further. Is it intended? Or did I miss
>something? I'm using 9.7.3-P3. Here's my configuration on dns-cache.

It IS intended. The NXDOMAIN means that the requested name does not
exist. It is a correct DNS answer and DNS client should not search any
further.

If there is a domain name for which some servers return a positive
answer, and some a negative one, then there is something broken with that
domain.

>> Another problem: there's a lot of resolution on dns-cache querying
>> a.root-servers.net, is it safe that I hijack a.root-servers.net to my
>> own DNS?

I think you should not hijack others' DNS requests. Blocking them would 
be much more correct. Note that there are more root servers than just 
a.root-servers.net - if someone queries this one server, something is 
apparently broken at their side.

>When I query a name, the dns-cache queries forwarders for gTLDs
>instead of using the local hint file, why?

local "hint" file? I'm not sure what you mean here. 

> And the dns-cache does not
>trust the result the forwarder returned when "forward first" is set, is it
>possible to fake it?

Why do you think it does not trust what forwarder returned?

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Depression is merely anger without enthusiasm. 
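
Added example, not part of the original message and not BIND's own code: a simplified Python model of the behaviour described in the reply, where NXDOMAIN is a definitive answer that ends the search, plus a check for the "some servers positive, some negative" case. Server names and packets are constructed, and treating SERVFAIL, REFUSED and timeouts as "try the next server" is an assumption of the model.

```python
import struct

# RCODE values from RFC 1035 (low 4 bits of the 16-bit flags field)
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
FINAL = {"NOERROR", "NXDOMAIN"}  # definitive answers: the search stops here

def rcode(packet):
    """Return the RCODE name of a raw DNS response; None models a timeout."""
    if packet is None:
        return "TIMEOUT"
    if len(packet) < 12:
        raise ValueError("short DNS header")
    _id, flags = struct.unpack("!HH", packet[:4])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    code = flags & 0x000F
    return RCODES.get(code, f"RCODE{code}")

def resolve_via(forwarders):
    """Walk forwarders in order and stop at the first definitive answer."""
    tried = []
    for name, packet in forwarders:
        rc = rcode(packet)
        tried.append((name, rc))
        if rc in FINAL:
            return rc, tried
    # No definitive answer from any forwarder: with "forward first"
    # the cache would now try to resolve the name itself.
    return "FALLBACK", tried

def disagreement(forwarders):
    """True when one server answers positively and another says NXDOMAIN."""
    seen = {rcode(packet) for _, packet in forwarders}
    return {"NOERROR", "NXDOMAIN"} <= seen

def header(code, answers=0):
    # Constructed sample header: ID 0x1234, QR=1 RD=1 RA=1, one question
    return struct.pack("!HHHHHH", 0x1234, 0x8180 | code, 1, answers, 0, 0)

# Constructed scenario from the thread: the preferred group says NXDOMAIN,
# the backup group would have answered, but it is never asked.
groups = [("groupA-1", header(3)), ("groupB-1", header(0, 1))]

if __name__ == "__main__":
    print(resolve_via(groups))   # backup group does not appear in 'tried'
    print(disagreement(groups))  # the domain's data is inconsistent
```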


