host your subdomain on your own ?
Grant Taylor
gtaylor at tnetconsulting.net
Sat Nov 13 16:10:15 UTC 2021
On 11/13/21 7:29 AM, Tony Finch wrote:
> You should make sure that your public nameservers return a definite
> nodata or NXDOMAIN reply for your private names, not REFUSED, nor a
> referral to an RFC 1918 address. The latter two will cause resolvers
> to retry, and the retries can become a large proportion of your total
> authoritative query traffic.
Please elaborate on the mechanics behind returning a ""private IP
causing resolvers to retry? Is it the resolvers rejecting the ""private
IP and retrying? Or is it the end systems behind the resolvers failing
to be able to use the resolved private IP and trying resolution again?
How and why does an authoritative server returning authoritative data
cause resolvers / clients to send more queries?
Note: I'm expanding "private" to be an IP that is not globally
accessible, because it's RFC 1918 (et al.), not globally routed,
firewalled, etc. If this is not a fair expansion, please enlighten me.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20211113/2889bbdb/attachment-0001.bin>
More information about the bind-users
mailing list