host your subdomain on your own ?

Grant Taylor gtaylor at
Sat Nov 13 16:10:15 UTC 2021

On 11/13/21 7:29 AM, Tony Finch wrote:
> You should make sure that your public nameservers return a definite 
> nodata or NXDOMAIN reply for your private names, not REFUSED, nor a 
> referral to an RFC 1918 address. The latter two will cause resolvers 
> to retry, and the retries can become a large proportion of your total 
> authoritative query traffic.

Please elaborate on the mechanics behind returning a ""private IP 
causing resolvers to retry?  Is it the resolvers rejecting the ""private 
IP and retrying?  Or is it the end systems behind the resolvers failing 
to be able to use the resolved private IP and trying resolution again? 
How and why does an authoritative server returning authoritative data 
cause resolvers / clients to send more queries?

Note:  I'm expanding "private" to be an IP that is not globally 
accessible, because it's RFC 1918 (et al.), not globally routed, 
firewalled, etc.  If this is not a fair expansion, please enlighten me.

Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the bind-users mailing list