default dns config change causing major poolpah
Thijs Eilander
eilander at myguard.nl
Thu Aug 2 04:45:54 UTC 2007
>If there is a consensus based on solid technical reasons (not emotion
>or FUD) to back the root zone slaving change out, I'll be glad to do
>so. I think it would be very useful at this point if those who _like_
>the change would speak up publicly as well.
For starters, I have been doing it since 1998 (and not only in named) on busy
DNS servers.
I like the idea.... but not the change.
Motivation:
1) Not everyone is an admin of a "busy nameserver". Is it really necessary
to include it in the distribution? A lot of people don't even get it, they
just set up their homemade firewall/DNS server. Do those people need to slave
the root servers by default? Why?
2) Skilled administrators are aware of the slave trick, or they fetch
root.zone.gz once a week. Why include it for the skilled at the expense of the
clueless people from argument 1?
An idea:
Why not fetch the root.zone.gz file itself once a week? Matthew Dillon
sent a nice getroot script to this discussion; I think we should put an
adjusted script in /etc/periodic/weekly. This seems to be a cleaner way than
using axfr on root servers which don't notify us of changes. (Benefit: the
root.zone.gz is signed, axfr probably not).
Personally I think this serves the same goal and hopefully in a less
annoying way, without having to worry (or argue!) about whether axfr is still
allowed for at least the next 2 years.
Just another 2 cents for your moneybag; what will you do with all that
'funding'? :)
With kind regards,
Thijs Eilander
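
The verify-then-install step of the weekly fetch proposed in the message above, as an added example that is not part of the original post or of the getroot script it mentions. It assumes the archive and a detached signature have already been downloaded; the function names, the keyring path and the use of gpgv are assumptions.

```shell
#!/bin/sh
# Added example: verify-then-install for a weekly root.zone.gz refresh.
# Function names, keyring path and the choice of gpgv are assumptions.

# verify_sig FILE SIG: check a detached signature against a pinned keyring.
# KEYRING is a hypothetical path; redefine verify_sig to use another tool.
verify_sig() {
    gpgv --keyring "${KEYRING:-/usr/local/etc/namedb/rootzone.gpg}" \
        "$2" "$1" >/dev/null 2>&1
}

# soa_serial ZONEFILE: print the serial from the SOA record of ".".
soa_serial() {
    awk '$1 == "." && $3 == "IN" && $4 == "SOA" { print $7; exit }' "$1"
}

# install_root_zone ARCHIVE.gz SIG DEST
# Succeeds only if the archive is signed, decompresses cleanly, contains a
# root SOA, and is not older than the installed zone. On any failure DEST is
# left untouched, so the last good copy stays in place.
install_root_zone() {
    gz=$1; sig=$2; dest=$3
    verify_sig "$gz" "$sig" || { echo "root.zone: bad signature" >&2; return 1; }
    tmp=$(mktemp "${dest}.XXXXXX") || return 1   # same dir, so mv is atomic
    if ! gzip -dc "$gz" > "$tmp" 2>/dev/null; then
        rm -f "$tmp"; echo "root.zone: corrupt archive" >&2; return 1
    fi
    new=$(soa_serial "$tmp")
    case $new in
        ''|*[!0-9]*)
            rm -f "$tmp"; echo "root.zone: no root SOA" >&2; return 1 ;;
    esac
    if [ -f "$dest" ]; then
        old=$(soa_serial "$dest")
        # Plain numeric compare; assumes date-style serials that do not wrap.
        if [ -n "$old" ] && [ "$new" -lt "$old" ]; then
            rm -f "$tmp"; echo "root.zone: serial went backwards" >&2; return 1
        fi
    fi
    chmod 644 "$tmp" && mv -f "$tmp" "$dest"
}
```

A weekly script would call `install_root_zone` with the fetched archive, its signature file and the zone file path, and reload the name server only when it returns 0.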