From: Doug Barton
Date: Thu, 02 Aug 2007 14:49:25 -0700
To: freebsd-current@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Subject: Re: named.conf restored to hint zone for the root by default
Message-ID: <46B25165.5000303@FreeBSD.org>

Jeremy Chadwick wrote:
> On Thu, Aug 02, 2007 at 01:49:39PM -0700, Doug Barton wrote:
>> Oliver Fromme wrote:
>>> Hi,
>>>
>>> Just for the record, I like the current solution, i.e. default
>>> being a "hint" zone, and slave zones being commented out, ready
>>> to be used for those who know what they're doing.
>
> I second this. And although I like Doug's use of AXFR from the
> roots (like others reported, it definitely speeds things up), I
> also want to continue to respect rootserver operators and dns-ops's
> concerns.

Something that I haven't mentioned but I think is probably worth
pointing out is that at least for Paul Vixie (operator of f.root) the
concern is not for the root servers, it's for potential problems on
the client side. The following is from
http://lists.oarci.net/pipermail/dns-operations/2007-August/001920.html

  i remain perplexed about the general perception that AXFR is bad for
  a root name server. it's not. RFC1035 describes some resource
  management techniques for TCP state blobs, which the root servers
  follow. the chance that an AXFR will be blown away by a TCP query is
  very high, and so, it's bad for clients to make production use of
  AXFR from busy servers.

The 3 zones in question are actually really small:

-rw-r--r-- 1 bind wheel 1.6K Aug 2 14:25 arpa.slave
-rw-r--r-- 1 bind wheel 23K Aug 2 14:24 in-addr.arpa.slave
-rw-r--r-- 1 bind wheel 64K Aug 2 14:30 root.slave

so I'm not sure how much of a problem this is in practice.

> So offering the template configuration to do so, but not enabling
> it by default, is a very good thing. Thank you for doing this,
> Doug.

Glad to do it. I'm also glad to see that this topic is getting serious
discussion.

Doug

-- 
This .signature sanitized for your protection