Date: Thu, 2 Aug 2007 06:26:46 +0200
From: "Thijs Eilander" <eilander@myguard.nl>
To: "'Doug Barton'" <dougb@FreeBSD.org>, "'FreeBSD Current'" <freebsd-current@freebsd.org>, "'FreeBSD Stable'" <freebsd-stable@freebsd.org>
Subject: RE: default dns config change causing major poolpah
Message-ID: <000d01c7d4bd$568d0b60$03a72220$@nl>
In-Reply-To: <46B0EDEA.8050608@FreeBSD.org>
References: <46B01D5E.6050004@psg.com> <20070801110727.GC59008@menantico.com> <46B0EDEA.8050608@FreeBSD.org>

>If there is a consensus based on solid technical reasons (not emotion
>or FUD) to back the root zone slaving change out, I'll be glad to do
>so. I think it would be very useful at this point if those who _like_
>the change would speak up publicly as well.

For starters, I have been doing it since 1998 (and not only in named) on busy dns servers.
I like the idea.... but not the change.

Motivation:

1) Not everyone is an admin on a "busy nameserver". Is it really necessary to include it in the distribution? A lot of people don't even get it, they just set up their homemade firewall/dnsserver. Do those people need to slave the rootservers by default? Why?

2) Skilled administrators are aware of the slave trick, or they fetch root.zone.gz once a week. Why include it for the skilled at the expense of the clueless people from argument 1?

An idea:
Why not fetch the root.zone.gz file itself once a week? Matthew Dillon sent a nice getroot script to this discussion, I think we should put an adjusted script in /etc/periodic/weekly. This seems to be a cleaner way than using axfr on rootservers which don't notify us on changes. (Benefit: the root.zone.gz is signed, axfr probably not).

Personally I think this serves the same goal and hopefully in a less annoying way, without having to worry (or argue!) about whether axfr is still allowed for at least the next 2 years.

Just another 2 cents for your moneybag, what will you do with all those 'funding' ? :)

With kind regards,

Thijs Eilander
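
The verify-then-install step that a weekly root.zone.gz refresh of the kind proposed above would need, as an added example that is not part of the original message and is not the getroot script it mentions. Assumed here: a detached signature file, a local keyring checked with gpgv, and the hypothetical VERIFY override; downloading the two files is left to fetch(1) or ftp(1).

```shell
#!/bin/sh
# Added example: install a fetched root.zone.gz only after it has been
# authenticated and sanity-checked. File names, the keyring path and the
# VERIFY override are assumptions, not taken from the original message.

# verify_sig FILE SIG KEYRING: succeed only if SIG is a valid detached
# signature over FILE made by a key in KEYRING. Fails closed if gpgv is
# missing or the keyring cannot be read.
verify_sig() {
    gpgv --keyring "$3" "$2" "$1" >/dev/null 2>&1
}

# install_root_zone GZ SIG KEYRING DEST
# Returns 0 when DEST was replaced; non-zero (DEST untouched) otherwise.
install_root_zone() {
    gz=$1; sig=$2; keyring=$3; dest=$4
    tmp="${dest}.new.$$"

    # 1. Authenticity: refuse anything whose signature does not check out.
    ${VERIFY:-verify_sig} "$gz" "$sig" "$keyring" || return 10

    # 2. Archive integrity: catches truncated or corrupted downloads.
    gzip -t "$gz" 2>/dev/null || return 11

    # 3. Unpack next to DEST so the final rename stays on one filesystem.
    gzip -dc "$gz" > "$tmp" || { rm -f "$tmp"; return 12; }

    # 4. Sanity: a root zone must carry an SOA record owned by ".".
    if ! awk '$1 == "." && ($3 == "SOA" || $4 == "SOA") { ok = 1 }
              END { exit !ok }' "$tmp"; then
        rm -f "$tmp"
        return 13
    fi

    # 5. Atomic swap: the name server never sees a half-written zone file.
    mv -f "$tmp" "$dest"
}
```

A periodic script would call install_root_zone after the download and reload the name server only when it returns 0, keeping the previous zone file in service on any failure.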