Negative zones; NXDOMAIN responses

Mark Andrews marka at
Tue May 21 12:23:32 UTC 2013

In message <20130521094444.GA18795 at>, Matus UHLAR - fantomas writes:
> >> On 21.05.13 11:03, Mark Andrews wrote:
> >> >	The simplest solution is to slave the root zone and
> >> >	turn off notify to so you don't spam the official
> >> >	root servers. is
> >In message <20130521072352.GA17623 at>, Matus UHLAR - fantomas writes:
> >> I thought this is not oficially recommended for ordinary users to prevent
> >> root servers from being overloaded (transfers use much more resources than
> >> ordinary lookups). Has this changed?
> On 21.05.13 18:02, Mark Andrews wrote:
> >Zone transfers of the root zone by recursive servers would actually
> >reduce the overall load on root nameservers.  The bigger the recursive
> >server the more this is true as most queries to the root servers
> >are for non-existent domains.  Actual referrals get cached which
> >draws legitimate traffic away from the root servers towards the TLD
> >servers.  16 SOA queries a day plus 2 AXFR/IXFR requests for normal
> >operations.
> >
> >Just don't add lots the root servers in the masters cause as the
> >root server operators do check that their servers are transfering
> >the root zone.
> But this makesthe situation worse for those who decided to do the slaving 
> - it creates a risk that root server forbids slaving in the future and after
> zone expiration the resolution will fail for all zones.
> ...I did slave root at my former employee (an ISP in slovakia), since I
> believed that this ISP is big enough that even roots would benefit from
> lower traffic. I found that 5 of root servers allow the transfer.
> and I found that the traffic towards root servers is really smaller enough.
> I'm just asking if this is wise for small hosts/companies.

I don't think that it matters much about the size of the server.
The roots are massively over provisioned with respect to serving
slave versions of the root.  That said if you are worried about it
use the servers referenced in Doug's email
or which have been specifically offered by
ICANN for this use.

> -- 
> Matus UHLAR - fantomas, uhlar at ;
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...
> _______________________________________________
> Please visit to unsubscribe from this list
> bind-users mailing list
> bind-users at
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at

More information about the bind-users mailing list