On Jul 8, 2019, at 12:42 PM, Michael J. Sheldon <mshel...@godaddy.com> wrote:
> If a record is requested from an authoritative server, where the zone does
> not exist, generally the response is REFUSED, but *this is not cached* by the
> requesting server. This results in a nearly continuous stream of retries,
> which continue to result in the same response. Our authoritative servers see
> no less than 15%, and sometimes as much as 25% of our worldwide traffic as
> these non-authoritative responses.
A zone that doesn’t exist is actually a name that doesn’t exist under the enclosing zone that does exist, which may be the root zone. Are you saying that if I look up a name that is a subdomain of a name that doesn’t exist, that is handled differently than a name that is a subdomain of a name that is a zone, or something different? I’m not disputing the observed behavior—I’m just not clear on what that is.

To put it another way, if you get a REFUSED from a server, that server is not authoritative for the name that you requested. Is the situation that you have a delegation from one server to another where the other is not actually configured to be authoritative for the delegated zone? If so, that is indeed an interesting conundrum.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop