Date: Wed, 01 Aug 2007 07:07:27 -0400 From: Skip Ford <skip@menantico.com> To: Randy Bush <randy@psg.com> Cc: FreeBSD Current <freebsd-current@freebsd.org>, FreeBSD Stable <freebsd-stable@freebsd.org> Subject: Re: default dns config change causing major poolpah Message-ID: <20070801110727.GC59008@menantico.com> In-Reply-To: <46B01D5E.6050004@psg.com> References: <46B01D5E.6050004@psg.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Randy Bush wrote: > the undiscussed and unannounced change to the default dns config to > cause local transfer of the root and arpa zone files has raised major > discussing in the dns operational community. (see the mailing list > dns-operations@mail.oarc.isc.org). > > did i miss the discussion here? No. There was none. > i have spent some hours turning off the default bind and going custom on > a dozen or so machines around the planet. i am not happy. > > what am i missing here? I don't have an axe to grind. I don't run the default config on any of my 2 dozen name servers (not all of which run bind anyway) so I wasn't really affected by the change. However, I thought it was a really, really, terrible idea, and a rather rude act considering it relies on the charity of others to not break. There is no requirement that FreeBSD users be permitted to slave the roots. Everyone who uses the default config can have their setups broken the day after installation. We never asked permission to use the resources of others in this way, and they're not required to allow us to do so. It's rude to assume they'll allow it, and it's risky to not receive permission beforehand to ensure slaving the roots will continue to work after RELEASE. The original commit message for the change indicated it was done to bring us in line with "current best practices" but that commit message is the only place I have ever seen anyone say that slaving the roots is current best practice. Again, I don't have an axe to grind and I really don't want to get in the middle of a personal attack. I don't think the world will explode, and in reality, there will probably be no problems at all, but if there aren't, it's because of pure luck not good planning or decision making. Microsoft makes much worse assumptions about the availability of the resources of others, but this is a Microsoft-ish decision, IMO. Just not a good plan. -- Skip
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070801110727.GC59008>