From: "Thijs Eilander"
To: "'Doug Barton'", "'FreeBSD Current'", "'FreeBSD Stable'"
Date: Thu, 2 Aug 2007 06:26:46 +0200
Subject: RE: default dns config change causing major poolpah

>If there is a consensus based on solid technical reasons (not emotion
>or FUD) to back the root zone slaving change out, I'll be glad to do
>so. I think it would be very useful at this point if those who _like_
>the change would speak up publicly as well.

For starters, I have been doing it since 1998 (and not only in named) on busy dns servers. I like the idea.... but not the change.

Motivation:

1) Not everyone is an admin on a "busy nameserver". Is it really necessary to include it in the distribution? A lot of people don't even get it, they just set up their homemade firewall/dnsserver. Do those people need to slave the rootservers by default? Why?

2) Skilled administrators are aware of the slave trick, or they fetch root.zone.gz once a week. Why include it for the skilled at the expense of the clueless people from argument 1?

An idea: Why not fetch the root.zone.gz file itself once a week? Matthew Dillon sent a nice getroot script to this discussion; I think we should put an adjusted script in /etc/periodic/weekly. This seems to be a cleaner way than using axfr on rootservers which don't notify us on changes. (Benefit: the root.zone.gz is signed, axfr probably not.)

Personally I think this serves the same goal and hopefully in a less annoying way, without having to worry (or argue!) about whether axfr is still allowed for at least the next 2 years.

Just another 2 cents for your moneybag, what will you do with all that 'funding'? :)

With kind regards,
Thijs Eilander
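
One way a weekly job could install a fetched root.zone.gz only after its detached signature checks out, as an added example (not part of the original message and not the getroot script it mentions). The function names, return codes and the keyring and destination arguments are assumptions, and downloading the zone file and its signature is left to the caller.

```shell
#!/bin/sh
# Added example: fail-closed refresh of a local root zone copy.
# All names and paths are hypothetical; nothing here does network I/O.

# verify_sig SIG DATA KEYRING -> 0 only if the detached signature is good.
# gpgv trusts nothing except the keys in the keyring it is given.
verify_sig() {
    gpgv --keyring "$3" "$1" "$2" >/dev/null 2>&1
}

# zone_sane FILE -> 0 if the plain-text zone contains a root SOA record.
zone_sane() {
    awk '$1 == "." && toupper($3) == "IN" && toupper($4) == "SOA" { ok = 1 }
         END { exit !ok }' "$1"
}

# install_zone NEW_GZ SIG KEYRING DEST
# Replaces DEST only when every check passes. On any failure DEST is left
# untouched, so the resolver keeps using last week's copy.
#   2 = signature rejected    3 = corrupt or truncated download
#   4 = no root SOA           1 = could not create a temp file
install_zone() {
    new_gz=$1 sig=$2 keyring=$3 dest=$4

    # Check the signature before touching the content at all.
    verify_sig "$sig" "$new_gz" "$keyring" || return 2

    # Work in a temp file next to DEST so the final rename is atomic.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1

    if ! gzip -dc "$new_gz" > "$tmp" 2>/dev/null; then
        rm -f "$tmp"
        return 3
    fi
    if ! zone_sane "$tmp"; then
        rm -f "$tmp"
        return 4
    fi

    chmod 644 "$tmp"
    mv -f "$tmp" "$dest"
}
```

A periodic script would fetch the two files into a scratch directory, call install_zone, and reload named only when it returns 0.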