Re: DNS - connection limit (without any extra hardware)

[Mark Andrews <Mark_Andrews () isc org>]

In article <Pine.LNX.4.64.0612111613480.26126 () pants snark net> you write:
> On Mon, 11 Dec 2006, Simon Waters wrote:
>
> > Yes. Most of the root server traffic is answering queries with
> > "NXDOMAIN" for non-existant top level domains, if you slave root 
> > on your recursive servers, your recursive servers can answer those 
> > queries directly (from the 120KB root zone file), rather than 
> > relying on negative caching, and a round trip to the root 
> > servers, for every new non-existant domain.
>
> That would require configuring my caching server with authoritative 
> zones, and it seems prevailing wisdom (at least with BIND 
> configurations?) is to keep the peanut butter seperate from the 
> chocolate, no matter how great they taste together, to the best
> of my knowledge.
>
> matto

        No.  The wisdom is to not make your authoritative servers
        caches.  This is not the same as not making your caches
        authoritative for certain zones.  Just don't have the caches
        listed in the NS RRsets.  Note:  You will need to configure
        your master server(s) to notify the caches for the zone
        that slave as the automatic mechanisms won't discover them.

        Mark

> --matt () snark net------------------------------------------<darwin><
>   Moral indignation is a technique to endow the idiot with dignity.
>                                                 - Marshall McLuhan