From: Marc Schneiders
To: Barney Wolff
Date: Mon, 27 Jan 2003 00:12:48 +0100 (CET)
Subject: Re: 4.7-R-p3: j.root-servers.net
Sender: owner-freebsd-stable@FreeBSD.ORG

On Sun, 26 Jan 2003, at 18:02 [=GMT-0500], Barney Wolff wrote:

> On Sun, Jan 26, 2003 at 11:48:00PM +0100, Marc Schneiders wrote:
> >
> > A more permanent solution is to run secondary for root. This has
> > several advantages. One being speed. The root data will be on your
> > machine and automatically refreshed every 30 minutes (only when there
> > are changes, so no useless traffic) by AXFR. If there is another DDoS
> > attack on the root-servers, you won't suffer from it, for you have the
> > data yourself. And they don't change much.
>
> This strikes me as a Really Bad Idea. It increases the load on the roots
> that you target,

Prove this. It is only true if your nameserver doesn't do anything or
much. If it is busy, it will actually mean less load on the
rootserver(s). For there will be no traffic for the many non-existing
top level domains that originate in typos. Your own machine will give
the NXDomain answer.

> and leaves you high and dry if those roots decide to
> deny zone transfers,

This would be true for any other automatic method. That is why I
suggest to put in all three IP numbers.

> as they should.

Opinions differ on this. Since DNS-guru Paul Vixie still lets us AXFR
from his rootserver (F), it cannot be that bad.

> The TTLs returned by the roots are
> plenty long enough to provide a cushion for any outages, and if the roots
> are truly gone longer than that, the whole Internet will not be working.

There are two issues, which you are mixing up. Speed will always be
better when you secondary root. Security will not be much better, but
just a little.

> As has been amply pointed out, named will learn the current roots if even
> one root that it knows about is correct and functioning. This is a
> complete non-issue.

I am not saying that hints does not work. Just that there is an
alternative method, which I and others prefer. Do not pretend there is
consensus about this among DNS people.

> And of course, using the "alternate" roots is evil.

I knew you were a religious person.

-- 
[01] All ideas are vintage not new or perfect.
http://logoff.org/
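
The secondary-root setup debated in this thread, sketched as a BIND named.conf fragment; this is an added example, not configuration from the original message. The three master addresses are documentation placeholders (the addresses the message refers to are not given in it) and the file name is an assumption.

```conf
// Added example: carry the root zone as a secondary instead of
// relying on the usual "type hint" entry for ".".
// named then answers names under non-existent TLDs from its own
// copy of the zone, without sending a query to a root server.
zone "." {
        type slave;
        file "s/root.zone";     // assumed path for the transferred copy

        // Placeholder addresses (RFC 5737 documentation ranges).
        // Replace with root servers that still permit AXFR. Listing
        // several covers the case where one of them denies transfers.
        masters {
                192.0.2.1;
                198.51.100.1;
                203.0.113.1;
        };

        // A private copy has no secondaries of its own to notify.
        notify no;
};
```

If every listed master refuses or fails the transfer, the local copy ages out at the zone's SOA expire time and resolution of all names stops, so refresh failures in the named log are worth alerting on.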