How does *not* responding to a UDP query take longer for the *server* than responding to a UDP query? Both responding and (deliberately) not responding require identifying the query, but not responding bypasses the time the server would need to construct the response, plus time spent in the network stack. (I'm assuming we don't care about client side "expense".)
Of course, if not responding to a UDP query provokes a TCP query, that might increase the total server time needed, since TCP is inherently more expensive for short transactions like DNS.

P.S. If you have something like iptables (with its string matching) in front of your DNS server, you could just drop UDP queries for bogus domains rather than letting them in at all. Or you could even route them to a special lightweight server that just yields canned responses. (This wouldn't work for TCP, because the query doesn't come until after the connection is established.)

On Mon, 25 Jun 2018 15:32:44 +0200
Reindl Harald <h.rei...@thelounge.net> wrote:

> On 25.06.2018 at 05:39, Paul Kosinski wrote:
> > Is it possible to get BIND not to respond at all, thereby causing
> > a timeout on the query? That would perhaps reduce load more than
> > NXDOMAIN or deleting the zone(s) would.
>
> timeouts are expensive for both sides by definition
>
> > On Mon, 25 Jun 2018 00:03:09 +0200
> > jo...@hasig.de wrote:
> >
> >> yes, but it minimizes the use of resources because the only answer
> >> is nxdomain. j.
> >>
> >> On 24.06.2018 at 23:41, Barry Margolin wrote:
> >>> In article <mailman.70.1529876093.803.bind-us...@lists.isc.org>,
> >>> jo...@hasig.de wrote:
> >>>
> >>>> hi,
> >>>> why don't you just delete the zones?
> >>>
> >>> That won't stop the queries from coming to the server
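The iptables string-matching idea from the P.S. above, as an added example that is not part of the original message: DNS names travel as length-prefixed labels, so the match pattern has to be built in wire form rather than as dotted text. The domain `bogus.example` is a constructed placeholder, and the `--from 40` offset assumes an IPv4 header without options (20 bytes IP + 8 UDP + 12 DNS header).

```shell
#!/bin/sh
# Added example: print an iptables rule that drops UDP queries for one name.
# Nothing is installed; the rule is only printed for review.

# Convert "example.com" into the form used in a DNS question section:
# each label is preceded by a one-byte length and the name ends with 00.
# Output uses iptables --hex-string syntax (|hex| mixed with literal text).
# Runs in a subshell so the IFS and globbing changes do not leak.
dns_hex_pattern() (
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    name=${name%.}                          # drop one trailing root dot
    [ -n "$name" ] || exit 1
    [ "${#name}" -le 253 ] || exit 1        # maximum length of a name
    case $name in
        .*|*.|*..*) exit 1 ;;               # empty labels are invalid
    esac
    pattern=""
    IFS=.
    set -f
    for label in $name; do
        [ "${#label}" -le 63 ] || exit 1    # maximum length of a label
        case $label in
            *[!a-z0-9_-]*) exit 1 ;;        # keep the pattern to hostname bytes
        esac
        pattern="${pattern}|$(printf '%02x' "${#label}")|${label}"
    done
    printf '%s\n' "${pattern}|00|"
)

# Print the rule. The pattern is an exact byte match, so a query sent in
# mixed case (BoGuS.eXaMpLe) does not match it and still reaches the server.
# Subdomain queries match too, because the pattern may start after byte 40.
dns_drop_rule() {
    pat=$(dns_hex_pattern "$1") || return 1
    printf 'iptables -A INPUT -p udp --dport 53 -m string --algo bm --from 40 --hex-string "%s" -j DROP\n' "$pat"
}

# Constructed sample input.
dns_drop_rule bogus.example
```

The rule covers UDP only, matching the point above that a TCP query is not visible until after the connection is established.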