Re: named.conf restored to hint zone for the root by default

From: Doug Barton <dougb_at_FreeBSD.org>
Date: Thu, 02 Aug 2007 14:49:25 -0700
Jeremy Chadwick wrote:
> On Thu, Aug 02, 2007 at 01:49:39PM -0700, Doug Barton wrote:
>> Oliver Fromme wrote:
>>> Hi,
>>> 
>>> Just for the record, I like the current solution, i.e. default 
>>> being a "hint" zone, and slave zones being commented out, ready
>>> to be used for those who know what they're doing.
> 
> I second this.  And although I like Doug's use of AXFR from the
> roots (like others reported, it definitely speeds things up), I
> also want to continue to respect rootserver operators and dns-ops's
> concerns.

Something that I haven't mentioned but I think is probably worth
pointing out is that at least for Paul Vixie (operator of f.root) the
concern is not for the root servers, it's for potential problems on
the client side. The following is from
http://lists.oarci.net/pipermail/dns-operations/2007-August/001920.html

i remain perplexed about the general perception that AXFR is bad for a
root name server.  it's not.  RFC1035 describes some resource
management techniques for TCP state blobs, which the root servers
follow.  the chance that an AXFR will be blown away by a TCP query is
very high, and so, it's bad for clients to make production use of AXFR
from busy servers.

The 3 zones in question are actually really small:

-rw-r--r--  1 bind  wheel   1.6K Aug  2 14:25 arpa.slave
-rw-r--r--  1 bind  wheel    23K Aug  2 14:24 in-addr.arpa.slave
-rw-r--r--  1 bind  wheel    64K Aug  2 14:30 root.slave

so I'm not sure how much of a problem this is in practice.

> So offering the template configuration to do so, but not enabling
> it by default, is a very good thing.  Thank you for doing this,
> Doug.

Glad to do it. I'm also glad to see that this topic is getting serious
discussion.

Doug

-- 

    This .signature sanitized for your protection
Received on Thu Aug 02 2007 - 19:49:30 UTC
