![]() ![]() ![]() NSEC and NSEC3 records can both be cached and your resolver can synthesise NXDOMAIN records for them. Thus if your nameserver supports this, it can say "there are no valid names between. With DNSSEC there are two new records (NSEC, NSEC3), that let you say "between these two names, I guarantee there is no valid records". So if you run a large nameserver, you quickly find that most of your DNS queries are very obviously rubbish. These queries get passed to your ISP, and then on towards the root name servers. It turns out lots of things will resolve anything that looks vaguely like a hostname to see if, in fact, they are a hostname. ![]() There's lots of "privacy" improving DNS servers, but none of them mention trying to remove unintentional DNS queries. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |