default dns config change causing major poolpah

Peter Losher Peter_Losher at
Thu Aug 2 01:06:16 UTC 2007

Doug Barton wrote:

> Here is where the problem lies. What you're saying here is simply not
> true. I know several of the root operators personally, and in my
> previous position as GM of IANA I worked with them directly both
> individually and collectively. Everything involving a change to a root
> server is done at a near-glacial pace. There no more danger that we
> will wake up tomorrow unable to AXFR the root from any server than
> there is that we'll wake up tomorrow not able to send resolver queries
> to any root server. To say that this IS possible is FUD.

Doug - that is a *BIG* assumption you just made there.  As far as I know
you didn't discuss this change with any of the root server operators
(you certainly didn't with ISC) and we could have told you then how bad
of a idea this was.  It seems you made this change on instinct, and in
addition nowhere does it state in RFC2870 that the root-servers have to
accept AXFR's as part of their service.

You just made with this change what was before a diagnostic service into
a production service and you didn't even ask the folks most affected by
it.  This change should be yanked and yanked now until at least there
has been some discussion with the root server operators.  (and
discussing it on the dns-operations@ list does not cut it)

-Peter (with his root-ops hat on his desk)
Peter_Losher at | ISC | OpenPGP 0xE8048D08 | "The bits must flow"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 186 bytes
Desc: OpenPGP digital signature
Url :

More information about the freebsd-stable mailing list