Date: Fri, 03 Aug 2007 12:12:15 +1000
From: Mark Andrews <Mark_Andrews@isc.org>
To: Doug Barton <dougb@freebsd.org>
Cc: freebsd-current@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: named.conf restored to hint zone for the root by default
Message-ID: <200708030212.l732CFE5011664@drugs.dv.isc.org>
In-Reply-To: Your message of "Thu, 02 Aug 2007 14:49:25 MST." <46B25165.5000303@FreeBSD.org>

> Jeremy Chadwick wrote:
> > On Thu, Aug 02, 2007 at 01:49:39PM -0700, Doug Barton wrote:
> >> Oliver Fromme wrote:
> >>> Hi,
> >>>
> >>> Just for the record, I like the current solution, i.e. default
> >>> being a "hint" zone, and slave zones being commented out, ready
> >>> to be used for those who know what they're doing.
> >
> > I second this. And although I like Doug's use of AXFR from the
> > roots (like others reported, it definitely speeds things up), I
> > also want to continue to respect rootserver operators and dns-ops's
> > concerns.
>
> Something that I haven't mentioned but I think is probably worth
> pointing out is that at least for Paul Vixie (operator of f.root) the
> concern is not for the root servers, it's for potential problems on
> the client side. The following is from
> http://lists.oarci.net/pipermail/dns-operations/2007-August/001920.html
>
> i remain perplexed about the general perception that AXFR is bad for a
> root name server. it's not. RFC1035 describes some resource
> management techniques for TCP state blobs, which the root servers
> follow. the chance that an AXFR will be blown away by a TCP query is
> very high, and so, it's bad for clients to make production use of AXFR
> from busy servers.
>
> The 3 zones in question are actually really small:
>
> -rw-r--r-- 1 bind wheel 1.6K Aug 2 14:25 arpa.slave
> -rw-r--r-- 1 bind wheel 23K Aug 2 14:24 in-addr.arpa.slave
> -rw-r--r-- 1 bind wheel 64K Aug 2 14:30 root.slave
>
> so I'm not sure how much of a problem this is in practice.

I also suspect that using accept filters will mitigate some of the problem.
If someone was to write a DNS accept filter that would help.

> > So offering the template configuration to do so, but not enabling
> > it by default, is a very good thing. Thank you for doing this,
> > Doug.
>
> Glad to do it. I'm also glad to see that this topic is getting serious
> discussion.
>
> Doug
>
> --
>
> This .signature sanitized for your protection

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
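
An added example, not part of the original message and not FreeBSD or ISC code: the readiness check a DNS accept filter of the kind suggested above could apply, assuming it holds a new TCP connection back from accept() until the first whole DNS message (2-byte length prefix plus body, RFC 1035 section 4.2.2) is buffered. The names `dns_first_msg`, `ready_after` and `demo_split` and the sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DNS_HDR_LEN 12 /* fixed DNS header size, RFC 1035 section 4.1.1 */
enum verdict { NEED_MORE, READY, REJECT };

/* Constructed sample: 2-byte length prefix (17) + query for "." type AXFR. */
static const uint8_t SAMPLE_QUERY[19] = {
    0x00, 0x11,                                     /* TCP length prefix */
    0x12, 0x34, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, /* id, flags, qdcount=1, ancount */
    0x00, 0x00, 0x00, 0x00,                         /* nscount, arcount */
    0x00, 0x00, 0xfc, 0x00, 0x01 };                 /* root name, AXFR, IN */
/* Constructed sample: prefix claims 5 bytes, too short for a DNS header. */
static const uint8_t SAMPLE_BOGUS[3] = { 0x00, 0x05, 0xaa };

/* Do the bytes buffered so far hold one complete DNS-over-TCP message?
 * Framing per RFC 1035 section 4.2.2: big-endian length, then the message.
 * Only buf[0] and buf[1] are read; len is the count of buffered bytes. */
static enum verdict dns_first_msg(const uint8_t *buf, size_t len)
{
    if (len < 2)
        return NEED_MORE;               /* length prefix still incomplete */
    size_t msg_len = ((size_t)buf[0] << 8) | buf[1];
    if (msg_len < DNS_HDR_LEN)
        return REJECT;                  /* cannot hold a DNS header: drop early */
    return len >= 2 + msg_len ? READY : NEED_MORE;
}

/* Deliver SAMPLE_QUERY in segments of the given sizes; return the 1-based
 * segment after which accept() would see the connection, 0 if never. */
static int ready_after(const size_t *seg_lens, size_t n)
{
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        used += seg_lens[i];
        if (dns_first_msg(SAMPLE_QUERY, used) == READY)
            return (int)i + 1;
    }
    return 0;
}

/* Constructed split of 1 + 10 + 8 bytes: complete only on the third segment. */
static int demo_split(void)
{
    const size_t lens[] = { 1, 10, 8 };
    return ready_after(lens, 3);
}

int main(void) { printf("ready after segment %d\n", demo_split()); return 0; }
```

With a check like this in front of the listener, a connection that has sent only part of its request occupies no slot in the server's own TCP client handling until the request is complete.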