Date:      Mon, 27 Jan 2003 10:57:24 +1100
From:      Mark.Andrews@isc.org
To:        Barney Wolff <barney@pit.databus.com>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: 4.7-R-p3: j.root-servers.net 
Message-ID:  <200301262357.h0QNvOEN056460@drugs.dv.isc.org>
In-Reply-To: Your message of "Sun, 26 Jan 2003 18:02:57 CDT." <20030126230257.GA62541@pit.databus.com> 

> On Sun, Jan 26, 2003 at 11:48:00PM +0100, Marc Schneiders wrote:
> > 
> > A more permanent solution is to run secondary for root. This has
> > several advantages. One being speed. The root data will be on your
> > machine and automatically refreshed every 30 minutes (only when there
> > are changes, so no useless traffic) by AXFR. If there is another DDoS
> > attack on the root-servers, you won't suffer from it, for you have the
> > data yourself. And they don't change much.
> 
> This strikes me as a Really Bad Idea.  It increases the load on the roots
> that you target, and leaves you high and dry if those roots decide to
> deny zone transfers, as they should.  The TTLs returned by the roots are
> plenty long enough to provide a cushion for any outages, and if the roots
> are truly gone longer than that, the whole Internet will not be working.

	Firstly there is no proof that it will actually increase the load
	on the roots.  It may well decrease the load.  The analysis has not
	been done.

	Secondly it is more robust.  You are no longer dependent on having
	to be able to reach a root server when your nameserver starts.

	Thirdly the vast majority (>90%) of the queries to the roots result
	in negative answers.  These are cached for a much shorter period
	than the positive answers.

	Fourth, you don't need to have every one of your nameservers talking
	to the root servers.  You can use one server to get the zone and
	use it to distribute the zone to your other servers.
 
	Mark

> As has been amply pointed out, named will learn the current roots if even
> one root that it knows about is correct and functioning.  This is a
> complete non-issue.
> 
> And of course, using the "alternate" roots is evil.
> 
> -- 
> Barney Wolff         http://www.databus.com/bwresume.pdf
> I'm available by contract or FT, in the NYC metro area or via the 'Net.
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@isc.org
