Problems with named default configuration in 6-STABLE

Volker volker at vwsoft.com
Tue Jul 17 09:44:34 UTC 2007


On 07/17/07 11:06, Heiko Wundram (Beenic) wrote:
> On Tuesday 17 July 2007 10:52:43 Volker wrote:
>> <snip>
>> Relying on a zone transfer doesn't seem to be reliable to me as more
>> than half of the root servers don't reply to AXFR requests.
> 
> I've heard pretty much the same thing as you did wrt. root name servers 
> denying AXFR, but as "it works" (TM), I don't see a reason not to use it. And 
> it seems that the author of the FreeBSD default named.conf thought likewise, 
> which is pretty okay with me (from the experience I gathered this morning).
> 
> By the way: using the roots as hints only adds to the number of requests your 
> server has to do in order to retrieve first-level domain name servers, so in 
> the end, the transmitted data should be way higher than doing one AXFR to 
> find them (simply because you'll see a large subset of those top-level domains 
> being requested when you're publicly offering a DNS server). And the data 
> is also cached on an AXFR in persistent storage, which is another major 
> benefit (for me).
> 

Remember, AXFR requires a TCP transfer and not every firewall will
happily let it pass.

I (partially) agree with the speedup effects you mentioned but if just 5
out of 13 root servers support AXFR, your bind will sit for a while to
find a root server responding to its AXFR requests. That may eat up
your speed improvements. Type hint for the root zone always works
(regardless of the firewall and which root server is being queried).

Volker
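
The two root-zone setups compared in this thread, side by side, as an added sketch that is not part of the original message and not copied from the FreeBSD default named.conf. The file names and the master address (192.0.2.1, a documentation address) are placeholders; only one definition of "." can be active at a time, so the slave variant is commented out.

```conf
// Variant A: root hints (the setup Volker argues for).
// named only reads the listed root server addresses from the file and
// then asks those servers for the current root NS set with ordinary
// DNS queries. No zone transfer is involved, so it does not depend on
// the firewall allowing outbound TCP to the root servers.
zone "." {
	type hint;
	file "ROOT-HINTS-FILE";		// placeholder file name
};

// Variant B: slave the root zone (the setup Heiko describes).
// named pulls the whole root zone by AXFR and keeps a copy on disk.
// Requirements that follow from the discussion above:
//   - outbound TCP port 53 must be allowed through the firewall
//   - every address under "masters" must actually answer AXFR;
//     masters that refuse or time out delay the initial load
//
// zone "." {
//	type slave;
//	file "ROOT-SLAVE-FILE";		// placeholder file name
//	masters {
//		192.0.2.1;		// placeholder: an AXFR-permitting root server
//	};
//	notify no;			// do not send NOTIFY for a zone we do not own
// };
```

When testing variant B, the named log shows whether each transfer attempt succeeded or was refused, which is the quickest check that the listed masters and the firewall both permit AXFR.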

