[RFCI-Discuss] "rfc-ignorant.(com,net)" lookups

[Jeff Makey]

The following advice assumes you will choose to keep the domains.

First, increasing the negative cache time in the SOA record ought to
help a little.  Current versions of BIND by default honor values up to
3 hours (max-ncache-ttl setting).

One idea is to add NS records pointing to 127.0.0.1 for the invalid
subdomains, but you'll need to watch carefully to see if it really
works.  Some resolvers may ignore such an obviously bogus NS record
and repeat their queries at a high rate.

Some people simply cannot be influenced to fix their misconfigured
queries.  Once you accept this, the rest of the plan is fairly
obvious:

1. Keeping your DNS servers from being overloaded is important, and
   the people who are willing to provide slave service for the real
   zones should also be willing to help with the placeholder zones to
   keep the whole system healthy.  If you explain the situation and
   ask politely, enough of them should respond positively to make this
   a non-issue.

2. If you still feel like pushing back, adding 127.0.0.254 A records
   for *.dsn.rfc-ignorant.com and the other variations will get the
   job done, but be sure to have some kind of non-A record for
   example.tld to keep the wildcard from matching that.  Documenting
   that return value on the web site will help the
   confused-but-not-clueless, but you should still expect bitter
   complaints from a different set of people than the ones who
   complain about the real zones.

                          :: Jeff Makey
                             jeff at sdsc.edu