auth-nxdomain yes

Mark Andrews marka at
Mon Nov 16 05:39:02 UTC 2015

In message < at>, Go
rdon Freeman writes:
>  >> I'm  hoping the answer is yes, so that once an NXDOMAIN response  is
>  >> received by the name server, it will  not forward repeated queries for
>  >> that  same name, at least for as long as the negative cache TTL. 
>  >
>  > Named does that by default.  Not all authoritative sources however
>  > provide a cachable negative answer.
> But that's not what I'm seeing.  If a client sends 100 queries for a
> non-existent name to its nearest name server, all of them are forwarded
> on up.  What I want is for the name server to cache those NXDOMAIN
> answers so even if a client is slamming my DNS, my server is not in turn
> hammering those name servers upstream.

I suggest that you closely re-examine the query stream and the
answer stream because named both consolidates multiple queries and
caches negative answers.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at

More information about the bind-users mailing list