So I read the relevant rfc's (2606 and 6761) where it clearly states:
...caching DNS servers SHOULD, by default, generate immediate negative responses for all such queries. This is to avoid unnecessary load on the root name servers and other name servers...
So I did a small test with the most recent bind9 in Debian as a caching only server, and it turns out it sends .local .localhost .example and .invalid to the root name servers ?! Only .test has an immediate response.
root@debian7:~# tcpdump port 53 -l | grep NX &
[1] 5699
root@debian7:~# tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
root@debian7:~# nslookup
> server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
> linux-training.local
09:22:15.932194 IP f.root-servers.net.domain > 10.0.2.15.46669: 49328 NXDomain*- 0/6/1 (656)
09:22:15.997731 IP j.root-servers.net.domain > 10.0.2.15.47262: 43556 NXDomain*- 0/6/1 (669)
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find linux-training.local: NXDOMAIN
> linux-training.localhost
09:22:23.099452 IP e.root-servers.net.domain > 10.0.2.15.60696: 22464 NXDomain*- 0/6/1 (673)
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find linux-training.localhost: NXDOMAIN
> linux-training.test
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find linux-training.test: NXDOMAIN
> linux-training.example
09:22:42.124036 IP e.root-servers.net.domain > 10.0.2.15.7293: 8476 NXDomain*- 0/6/1 (661)
09:22:42.141847 IP e.root-servers.net.domain > 10.0.2.15.15481: 31139 NXDomain*- 0/6/1 (671)
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find linux-training.example: NXDOMAIN
> linux-training.invalid
09:22:49.660427 IP e.root-servers.net.domain > 10.0.2.15.60321: 15655 NXDomain*- 0/6/1 (671)
09:22:49.753120 IP l.root-servers.net.domain > 10.0.2.15.63563: 48281 NXDomain*- 0/6/1 (671)
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find linux-training.invalid: NXDOMAIN
So I visit the root dns server stats and notice the top queries (in queries/second):
1 .com 3500
2 .net 2500
3 .local 1400
4 . 1100
5 .home 1100
6. (.com base 64)
7 .org 400
8. .belkin 300
The top five queries for BRU01 (a Belgian root name server) are a surprise:
1 .home 240
2 .localhost 53
3 .local 50
4 .com 19
5 .ru 12
(.be is negligible with 0.4 queries/second)
cheers,
paul
No comments:
Post a Comment