default dns config change causing major poolpah

Skip Ford skip at
Wed Aug 1 11:02:06 UTC 2007

Randy Bush wrote:
> the undiscussed and unannounced change to the default dns config to
> cause local transfer of the root and arpa zone files has raised major
> discussion in the dns operational community. (see the mailing list
> dns-operations at
> did i miss the discussion here?

No.  There was none.

> i have spent some hours turning off the default bind and going custom on
> a dozen or so machines around the planet.  i am not happy.
> what am i missing here?

I don't have an axe to grind.  I don't run the default config on
any of my 2 dozen name servers (not all of which run bind anyway)
so I wasn't really affected by the change.

However, I thought it was a really, really, terrible idea, and a
rather rude act considering it relies on the charity of others to
not break.  There is no requirement that FreeBSD users be
permitted to slave the roots.  Everyone who uses the default
config can have their setups broken the day after installation.
We never asked permission to use the resources of others in this
way, and they're not required to allow us to do so.  It's rude to
assume they'll allow it, and it's risky to not receive permission
beforehand to ensure slaving the roots will continue to work after

The original commit message for the change indicated it was done
to bring us in line with "current best practices" but that commit
message is the only place I have ever seen anyone say that slaving
the roots is current best practice.

Again, I don't have an axe to grind and I really don't want to get
in the middle of a personal attack.  I don't think the world will
explode, and in reality, there will probably be no problems at
all, but if there aren't, it's because of pure luck, not good
planning or decision making.  Microsoft makes much worse
assumptions about the availability of the resources of others, but
this is a Microsoft-ish decision, IMO.  Just not a good plan.


