From: Mark Andrews
To: Doug Barton
Cc: freebsd-current@freebsd.org, freebsd-stable@freebsd.org
Date: Fri, 03 Aug 2007 12:12:15 +1000
Subject: Re: named.conf restored to hint zone for the root by default

> Jeremy Chadwick wrote:
> > On Thu, Aug 02, 2007 at 01:49:39PM -0700, Doug Barton wrote:
> >> Oliver Fromme wrote:
> >>> Hi,
> >>>
> >>> Just for the record, I like the current solution, i.e. default
> >>> being a "hint" zone, and slave zones being commented out, ready
> >>> to be used for those who know what they're doing.
> >
> > I second this. And although I like Doug's use of AXFR from the
> > roots (like others reported, it definitely speeds things up), I
> > also want to continue to respect rootserver operators and dns-ops's
> > concerns.
>
> Something that I haven't mentioned but I think is probably worth
> pointing out is that at least for Paul Vixie (operator of f.root) the
> concern is not for the root servers, it's for potential problems on
> the client side. The following is from
> http://lists.oarci.net/pipermail/dns-operations/2007-August/001920.html
>
> i remain perplexed about the general perception that AXFR is bad for a
> root name server. it's not. RFC1035 describes some resource
> management techniques for TCP state blobs, which the root servers
> follow. the chance that an AXFR will be blown away by a TCP query is
> very high, and so, it's bad for clients to make production use of AXFR
> from busy servers.
>
> The 3 zones in question are actually really small:
>
> -rw-r--r--  1 bind  wheel  1.6K Aug  2 14:25 arpa.slave
> -rw-r--r--  1 bind  wheel   23K Aug  2 14:24 in-addr.arpa.slave
> -rw-r--r--  1 bind  wheel   64K Aug  2 14:30 root.slave
>
> so I'm not sure how much of a problem this is in practice.

I also suspect that using accept filters will mitigate some of the
problem. If someone was to write a DNS accept filter that would help.

> > So offering the template configuration to do so, but not enabling
> > it by default, is a very good thing. Thank you for doing this,
> > Doug.
>
> Glad to do it. I'm also glad to see that this topic is getting serious
> discussion.
>
> Doug
>
> --
>
> This .signature sanitized for your protection

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742    INTERNET: Mark_Andrews@isc.org