DNS-cache with custom gTLDs

Drunkard Zhang gongfan193 at gmail.com
Thu Sep 22 02:01:52 UTC 2011


> Why are you going through all of these gyrations? The forwarding algorithm
> in BIND has for a long time been based on RTT, so if one forwarder, or a set
> of forwarders, stops working, the other(s) will be used automatically. In
> other words, forwarder failover works without any special configuration.
>
> I don't even understand your "forward first" solution. "Forward first" says
> to use iterative (non-recursive) resolution if forwarding fails (i.e. all
> the forwarders are non-responsive). How then can you use it to fail over
> from one set of forwarders to another? I don't get it. If you send a
> non-recursive query to a forwarder, you're at the mercy of whatever happens
> to be in its cache at that particular time. You can't get reliable
> resolution that way.
>
Oops, I misunderstood. But I want to resolve this problem: take
news.qq.com for example, I DID see that it's unresolvable to one group
(they returned NXDomain), while in the meantime it's no problem to another
group, and "dig news.qq.com +trace" returned the correct answer on both
groups. It seems like it's just a temporary failure, but I want to
correct it. Any other choices?

>> Another problem: there's a lot of resolution on dns-cache querying
>> a.root-servers.net, is it safe that I hijack a.root-servers.net to my
>> own DNS? If it's safe, I can cut down queries to a.root-servers.net by
>> millions of times per hour.
>
> If you're getting a lot of recursive queries for a.root-servers.net, you
> have a misbehaving client that you need to track down and vaporize.
>
It's an ISP, so it's hard to track down every one; I just want to suppress
it so that the misbehaving ones can't go further. Is it safe to hijack on
dns-cache?
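
Added example, not part of the original message or of BIND itself: one way to find which clients send the a.root-servers.net queries discussed above is to count them per client address in the resolver's query log. It assumes query logging is enabled and that lines follow the BIND 9 `client <addr>#<port>: query: <name> IN <type>` layout, which varies between versions; the sample lines and the function name `top_askers` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the BIND 9 query-log style (not real traffic).
SAMPLE_LOG = """\
22-Sep-2011 02:00:01.101 client 192.0.2.10#40112: query: a.root-servers.net IN A +
22-Sep-2011 02:00:01.105 client 192.0.2.10#40113: query: a.root-servers.net IN A +
22-Sep-2011 02:00:01.230 client 198.51.100.7#53001: query: news.qq.com IN A +
22-Sep-2011 02:00:01.410 client 192.0.2.10#40114: query: A.ROOT-SERVERS.NET IN AAAA +
22-Sep-2011 02:00:02.002 client 203.0.113.44#1029: query: a.root-servers.net. IN A +
22-Sep-2011 02:00:02.500 client 2001:db8::53#5353 (a.root-servers.net): query: a.root-servers.net IN A + (192.0.2.1)
this line is not a query record
"""

# Assumed layout: "client [@0x...] <addr>#<port>[ (<name>)]: query: <name> IN <type>".
# Older and newer BIND 9 releases differ in the optional parts, so both are tolerated.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<addr>\S+)#\d+(?: \(\S+\))?: "
    r"query: (?P<name>\S+) IN (?P<type>\S+)"
)


def top_askers(log_text, qname="a.root-servers.net", min_count=1):
    """Return [(client_addr, count)] for clients that queried qname, busiest first."""
    target = qname.rstrip(".").lower()
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m is None:
            continue  # not a query record
        # DNS names are case-insensitive and may carry a trailing dot.
        if m.group("name").rstrip(".").lower() == target:
            counts[m.group("addr")] += 1
    return [(addr, n) for addr, n in counts.most_common() if n >= min_count]


if __name__ == "__main__":
    for addr, n in top_askers(SAMPLE_LOG, min_count=2):
        print(f"{addr}\t{n}")
```
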


