Date: Wed, 18 Jul 2007 16:36:17 +1000
From: Mark Andrews <Mark_Andrews@isc.org>
To: Volker <volker@vwsoft.com>
Cc: "Heiko Wundram \(Beenic\)" <wundram@beenic.net>, freebsd-stable@freebsd.org
Subject: Re: Problems with named default configuration in 6-STABLE
Message-ID: <200707180636.l6I6aHjB049034@drugs.dv.isc.org>
In-Reply-To: Your message of "Tue, 17 Jul 2007 11:44:18 +0200." <469C8F72.7040500@vwsoft.com>

> On 07/17/07 11:06, Heiko Wundram (Beenic) wrote:
> > On Tuesday 17 July 2007 10:52:43 Volker wrote:
> >> <snip>
> >> Relying on a zone transfer doesn't seem to be reliable to me as more
> >> than half of the root servers don't reply to AXFR requests.
> >
> > I've heard pretty much the same thing as you did wrt. root name servers
> > denying AXFR, but as "it works" (TM), I don't see a reason not to use it. And
> > it seems that the author of the FreeBSD default named.conf thought likewise,
> > which is pretty okay with me (from the experience I gathered this morning).
> >
> > By the way: using the roots as hints only adds to the number of requests your
> > server has to do in order to retrieve first-level domain name servers, so in
> > the end, the transmitted data should be way higher than doing one AXFR to
> > find them (simply because you'll see a large subset of those toplevel domains
> > being requested when you're publicly offering a DNS server). And the data
> > is also cached on an AXFR in persistent storage, which is another major
> > benefit (for me).
> >
>
> Remember, AXFR requires a TCP transfer and not every firewall will
> happily let it pass.

Then the firewall is misconfigured. Ordinary DNS lookups can
require TCP. That's what the "tc" flag is for.

>
> I (partially) agree to the speedup effects you mentioned but if just 5
> out of 13 root servers support AXFR, your bind will sit for a while to
> find a root server responding to its AXFR requests. That may eat up
> your speed improvements. Type hint for the root zone always works
> (regardless of the firewall and which root server is being queried).
>
> Volker

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org
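The "tc" flag mentioned in the reply above, shown as an added example that is not part of the original message or of BIND: a resolver that receives a UDP reply with the truncation bit set repeats the same question over TCP port 53, which is why a firewall that drops DNS over TCP affects ordinary lookups and not only AXFR. The function names and the sample replies are constructed for illustration.

```python
import struct

# Illustrative helper names; header layout and flag bits are from RFC 1035, section 4.1.1.
QR, TC, RD = 0x8000, 0x0200, 0x0100

def build_query(txid, qname, qtype=2, qclass=1):
    """Encode a minimal DNS query (qtype 2 = NS, class 1 = IN)."""
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split(".") if l)
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)  # one question
    return header + labels + b"\x00" + struct.pack("!HH", qtype, qclass)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "tc": bool(flags & TC),
            "rcode": flags & 0x000F, "ancount": an}

def next_step(txid, udp_reply):
    """Decide what a resolver does with a UDP reply to query `txid`."""
    h = parse_header(udp_reply)
    if not h["qr"] or h["id"] != txid:
        return "discard"          # not a response to our query
    if h["tc"]:
        return "retry-over-tcp"   # reply did not fit in UDP; ask again on TCP/53
    return "use-answer"

def frame_for_tcp(msg):
    """DNS over TCP prefixes every message with a 2-byte length field."""
    return struct.pack("!H", len(msg)) + msg

# Constructed samples: header plus echoed question only, no real server data.
QUERY = build_query(0x1A2B, ".")
TRUNCATED = struct.pack("!HHHHHH", 0x1A2B, QR | TC | RD, 1, 0, 0, 0) + QUERY[12:]
COMPLETE = struct.pack("!HHHHHH", 0x1A2B, QR | RD, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    for name, reply in (("truncated", TRUNCATED), ("complete", COMPLETE)):
        print(name, "->", next_step(0x1A2B, reply))
    print("TCP length prefix:", frame_for_tcp(QUERY)[:2].hex())
```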