Date: Sun, 26 Jan 2003 18:02:57 -0500
From: Barney Wolff <barney@pit.databus.com>
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: 4.7-R-p3: j.root-servers.net
Message-ID: <20030126230257.GA62541@pit.databus.com>
In-Reply-To: <20030126224956.K27492-100000@voo.doo.net>
References: <20030126130837.GA399@gicco.homeip.net> <20030126224956.K27492-100000@voo.doo.net>

On Sun, Jan 26, 2003 at 11:48:00PM +0100, Marc Schneiders wrote:
>
> A more permanent solution is to run secondary for root. This has
> several advantages. One being speed. The root data will be on your
> machine and automatically refreshed every 30 minutes (only when there
> are changes, so no useless traffic) by AXFR. If there is another DDoS
> attack on the root-servers, you won't suffer from it, for you have the
> data yourself. And they don't change much.

This strikes me as a Really Bad Idea. It increases the load on the
roots that you target, and leaves you high and dry if those roots
decide to deny zone transfers, as they should.

The TTLs returned by the roots are plenty long enough to provide a
cushion for any outages, and if the roots are truly gone longer than
that, the whole Internet will not be working.

As has been amply pointed out, named will learn the current roots if
even one root that it knows about is correct and functioning. This is
a complete non-issue.

And of course, using the "alternate" roots is evil.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.