default dns config change causing major poolpah
Peter Losher
Peter_Losher at isc.org
Thu Aug 2 06:52:08 UTC 2007
Poul-Henning Kamp wrote:
> That said, I fully agree with the spirit of this change, I have
> myself seen what positive difference it makes for servers in Denmark
> to have a slave of the .dk zone, particular for busy mailservers.
One of the other objections I have with this change (other than the fact
that it was made w/o consultation) is the fact that this is would become
the "default" setting. Yes, busy mail servers may be better served by
slaving frequently used zones, and as Vixie mentioned on the
dns-operations list, there is less objection if "wizards" use AXFR, and
they would perhaps know more of the pitfalls that doing this entails
(vs. relying on hints).
But the fact is this is being enabled for every Tom, Dick, and Sarah
operating a OS who won't know what the possible ramifications are of
this change, and the benefit compared to the downside is nonexistant.
And that is *BAD, BAD, BAD*. Has this change been raised on the
relevant IETF DNS operations list? These are the defaults we are
talking about here.
I will reiterate, this change needs to be rolled back until there has
been more discussion. dbarton mentioned earlier that root operators
make changes on a glacial scale. There is a reason for that. ;)
Best Wishes - Peter
--
Peter_Losher at isc.org | ISC | OpenPGP 0xE8048D08 | "The bits must flow"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 186 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20070802/abf2bb4c/signature.pgp
More information about the freebsd-stable
mailing list