Grant Taylor via bind-users <bind-users@lists.isc.org> wrote: > On 11/13/21 7:29 AM, Tony Finch wrote: > > You should make sure that your public nameservers return a definite nodata > > or NXDOMAIN reply for your private names, not REFUSED, nor a referral to an > > RFC 1918 address. The latter two will cause resolvers to retry, and the > > retries can become a large proportion of your total authoritative query > > traffic. > > Please elaborate on the mechanics behind returning a ""private IP > causing resolvers to retry? Is it the resolvers rejecting the ""private > IP and retrying?
Yes, because they get a referral to nameservers that don't respond or that respond incorrectly. Tony. -- f.anthony.n.finch <d...@dotat.at> https://dotat.at/ Forties: East or southeast, veering south later, 4 to 6. Moderate. Fog patches at first. Moderate or good, occasionally very poor at first. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
