Date: Sun, 26 Jan 2003 18:02:57 -0500
From: Barney Wolff
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: 4.7-R-p3: j.root-servers.net
Message-ID: <20030126230257.GA62541@pit.databus.com>
References: <20030126130837.GA399@gicco.homeip.net> <20030126224956.K27492-100000@voo.doo.net>
In-Reply-To: <20030126224956.K27492-100000@voo.doo.net>

On Sun, Jan 26, 2003 at 11:48:00PM +0100, Marc Schneiders wrote:
>
> A more permanent solution is to run secondary for root. This has
> several advantages. One being speed. The root data will be on your
> machine and automatically refreshed every 30 minutes (only when there
> are changes, so no useless traffic) by AXFR. If there is another DDoS
> attack on the root-servers, you won't suffer from it, for you have the
> data yourself.
And they don't change much.

This strikes me as a Really Bad Idea. It increases the load on the
roots that you target, and leaves you high and dry if those roots
decide to deny zone transfers, as they should. The TTLs returned by
the roots are plenty long enough to provide a cushion for any outages,
and if the roots are truly gone longer than that, the whole Internet
will not be working.

As has been amply pointed out, named will learn the current roots if
even one root that it knows about is correct and functioning. This is
a complete non-issue.

And of course, using the "alternate" roots is evil.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.