> Jeremy Chadwick wrote:
> > On Thu, Aug 02, 2007 at 01:49:39PM -0700, Doug Barton wrote:
> >> Oliver Fromme wrote:
> >>> Hi,
> >>>
> >>> Just for the record, I like the current solution, i.e. default
> >>> being a "hint" zone, and slave zones being commented out, ready
> >>> to be used for those who know what they're doing.
> >
> > I second this. And although I like Doug's use of AXFR from the
> > roots (like others reported, it definitely speeds things up), I
> > also want to continue to respect rootserver operators and dns-ops's
> > concerns.
>
> Something that I haven't mentioned but I think is probably worth
> pointing out is that at least for Paul Vixie (operator of f.root) the
> concern is not for the root servers, it's for potential problems on
> the client side. The following is from
> http://lists.oarci.net/pipermail/dns-operations/2007-August/001920.html
>
> i remain perplexed about the general perception that AXFR is bad for a
> root name server. it's not. RFC1035 describes some resource
> management techniques for TCP state blobs, which the root servers
> follow. the chance that an AXFR will be blown away by a TCP query is
> very high, and so, it's bad for clients to make production use of AXFR
> from busy servers.
>
> The 3 zones in question are actually really small:
>
> -rw-r--r-- 1 bind wheel 1.6K Aug 2 14:25 arpa.slave
> -rw-r--r-- 1 bind wheel 23K Aug 2 14:24 in-addr.arpa.slave
> -rw-r--r-- 1 bind wheel 64K Aug 2 14:30 root.slave
>
> so I'm not sure how much of a problem this is in practice.

I also suspect that using accept filters will mitigate some of the
problem. If someone was to write a DNS accept filter that would help.

> > So offering the template configuration to do so, but not enabling
> > it by default, is a very good thing. Thank you for doing this,
> > Doug.
>
> Glad to do it. I'm also glad to see that this topic is getting serious
> discussion.
>
> Doug
>
> --
>
> This .signature sanitized for your protection
> _______________________________________________
> freebsd-stable_at_freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe_at_freebsd.org"

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews_at_isc.org

Received on Fri Aug 03 2007 - 00:12:16 UTC