From owner-freebsd-current@FreeBSD.ORG Thu Aug 2 06:52:07 2007 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EEB9916A418; Thu, 2 Aug 2007 06:52:07 +0000 (UTC) (envelope-from Peter_Losher@isc.org) Received: from mx.isc.org (mx.isc.org [IPv6:2001:4f8:0:2::1c]) by mx1.freebsd.org (Postfix) with ESMTP id D027713C48D; Thu, 2 Aug 2007 06:52:07 +0000 (UTC) (envelope-from Peter_Losher@isc.org) Received: from farside.isc.org (farside.isc.org [IPv6:2001:4f8:3:bb::5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "farside.isc.org", Issuer "ISC CA" (verified OK)) by mx.isc.org (Postfix) with ESMTP id C10DE114087; Thu, 2 Aug 2007 06:52:07 +0000 (UTC) (envelope-from Peter_Losher@isc.org) Received: from tardis.plosh.net (tardis.vpn.isc.org [149.20.66.3]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by farside.isc.org (Postfix) with ESMTP id 51DD1E6023; Thu, 2 Aug 2007 06:52:07 +0000 (UTC) (envelope-from Peter_Losher@isc.org) Message-ID: <46B17F0F.20108@isc.org> Date: Wed, 01 Aug 2007 23:51:59 -0700 From: Peter Losher User-Agent: Thunderbird 2.0.0.5 (Macintosh/20070716) MIME-Version: 1.0 To: freebsd-stable@freebsd.org, freebsd-current@freebsd.org References: <30863.1186034398@critter.freebsd.dk> In-Reply-To: <30863.1186034398@critter.freebsd.dk> X-Enigmail-Version: 0.95.2 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig5DCA3B40C9F7A155CED380CD" Cc: Subject: Re: default dns config change causing major poolpah X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 06:52:08 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig5DCA3B40C9F7A155CED380CD Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Poul-Henning Kamp wrote: > That said, I fully agree with the spirit of this change, I have > myself seen what positive difference it makes for servers in Denmark > to have a slave of the .dk zone, particular for busy mailservers. One of the other objections I have with this change (other than the fact that it was made w/o consultation) is the fact that this is would become the "default" setting. Yes, busy mail servers may be better served by slaving frequently used zones, and as Vixie mentioned on the dns-operations list, there is less objection if "wizards" use AXFR, and they would perhaps know more of the pitfalls that doing this entails (vs. relying on hints). But the fact is this is being enabled for every Tom, Dick, and Sarah operating a OS who won't know what the possible ramifications are of this change, and the benefit compared to the downside is nonexistant. And that is *BAD, BAD, BAD*. Has this change been raised on the relevant IETF DNS operations list? These are the defaults we are talking about here. I will reiterate, this change needs to be rolled back until there has been more discussion. dbarton mentioned earlier that root operators make changes on a glacial scale. There is a reason for that. ;) Best Wishes - Peter --=20 Peter_Losher@isc.org | ISC | OpenPGP 0xE8048D08 | "The bits must flow" --------------enig5DCA3B40C9F7A155CED380CD Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGsX8PPtVx9OgEjQgRArL5AJ9SOaLsdg8ZpwtpsoDuXJED2e+acACdFcRi 305fqdTfQ6bzIDl4MbkLC94= =hWnh -----END PGP SIGNATURE----- --------------enig5DCA3B40C9F7A155CED380CD--