> I'm not talking of DNS *resolvers* here. I'm talking of authoritative > servers. If my authoritative server is authoritative for zones A, B and > C, then I should only get queries for those zones from legitimate > resolvers and clients. Queries for any other zones should *not* be > coming to my server. I shouldn't even be obliged to answer with REFUSED. > I should just be able to ignore those queries completely as junk.
Agree that you should be able to ignore them. But as a practical matter, ignoring them *may* result in the question being asked again and again, while REFUSED *may* stop the client from asking more. I run one of the authoritative name servers for no (Norway). That name server receives its share of completely irrelevant queries, e.g. (25 queries from just now): NS? . ANY? sl. ANY? sl. A? d2cnv2pop2xy4v.cloudfront.net. NS? . A? www.google.li. A? tussilagobarnehage-no02c.mail.protection.outlook.com. A? handball-havdur-no.mail.protection.outlook.com. A? tronica-no.mail.protection.outlook.com. A? storage-support.glb.itcs.hpe.com. A? msgr-latest.c10r.facebook.com. NS? . A? mqtt.c10r.facebook.com. A? inappcheck.itunes.apple.com.edgekey.net. Type65? inappcheck.itunes.apple.com.edgekey.net. Type65? e69896.dscapi6.akamaiedge.net. A? e69896.dscapi6.akamaiedge.net. A? javvs-no.mail.protection.outlook.com. A? clients4.google.com. A? clients.l.google.com. A? storage-support.glb.itcs.hpe.com. A? au-bg-shim.trafficmanager.net. NS? . ANY? sl. ANY? sl. And here again we see the queries for .sl. In any case, the volume of these queries is so low (on the order of 0.1% of the total) that I don't really care. I'm not going to spend any time worrying about the resource usage of these queries. Steinar Haug, Nethelp consulting, sth...@nethelp.no _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
