> Why are you going through all of these gyrations? The forwarding algorithm > in BIND has for a long time been based on RTT, so if one forwarder, or a set > of forwarders, stops working, the other(s) will be used automatically. In > other words, forwarder failover works without any special configuration. > > I don't even understand your "forward first" solution. "Forward first" says > to use iterative (non-recursive) resolution if forwarding fails (i.e. all > the forwarders are non-responsive). How then can you use it to fail over > from one set of forwarders to another? I don't get it. If you send a > non-recursive query to a forwarder, you're at the mercy of whatever happens > to be in its cache at that particular time. You can't get reliable > resolution that way. > Oops, I misunderstood. But I want to resolve this problem: take news.qq.com for example, I DID saw that it's unresolvable to one group (they returned NXDomain), at meantime it's no problem to another group, and "dig news.qq.com +trace" returned correct answer on both group. It seems like it's just a temporary failure, but I want to correct. Any other choices?
>> Another problem: there's a lot of resolution on dns-cache querying >> a.root-servers.net, is it safe that i hijack a.root-servers.net to my >> own DNS? If it's safe, I can cut down queries to a.root-servers.net by >> millions of times per hour. > > If you're getting a lot of recursive queries for a.root-servers.net, you > have a misbehaving client that you need to track down and vaporize. > It's an ISP, hard to track down every one, I just want to suppress it that the misbehaving can't go further. Is it safe to hijack on dns-cache? _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
