Future of BIND's built-in empty zone list

Chris Thompson cet1 at cam.ac.uk
Sun May 17 15:12:36 UTC 2015


On May 14 2015, Rob Foehl wrote:
[...]
>Adding empty.as112.arpa to the list seems like a good idea, but removing 
>the existing empty zones does not -- they also prevent leaking internal 
>queries, which is both more noise for the root/IANA/AS112 infrastructure 
>to sink and a potential privacy concern.

Well, perhaps each case needs to be judged on its merits.

>There's also the minor benefit of fast responses from local resolvers, 
>which still matters for determinism in the initial query.  From where I 
>sit, the nearest blackhole.as112.arpa is 90+ms and an ocean away (v4 or 
>v6), and the existing AS112 nodes aren't much better.

As long as empty.as112.arpa is served locally, there would be no need
to access the as112 nameservers. It's the nameservers authoritative for
the DNAMEs pointing to it that are relevant, and of course one also
hopes these DNAMEs will have big TTLs so that they will remain cached.

-- 
Chris Thompson
Email: cet1 at cam.ac.uk





More information about the bind-users mailing list