default dns config change causing major poolpah

Thijs Eilander eilander at myguard.nl
Thu Aug 2 04:45:54 UTC 2007


>If there is a consensus based on solid technical reasons (not emotion
>or FUD) to back the root zone slaving change out, I'll be glad to do
>so. I think it would be very useful at this point if those who _like_
>the change would speak up publicly as well.

For starters, I have been doing it since 1998 (and not only in named) on busy DNS
servers.
I like the idea... but not the change.

Motivation:

1) Not everyone is an admin on a "busy nameserver". Is it really necessary
to include it in the distribution? A lot of people don't even get it, they
just set up their homemade firewall/DNS server. Do those people need to slave
the rootservers by default? Why?

2) Skilled administrators are aware of the slave trick, or they fetch
root.zone.gz once a week. Why include it for the skilled at the expense of the
clueless people from argument 1?


An idea:

Why not fetch the root.zone.gz file itself once a week? Matthew Dillon
sent a nice getroot script to this discussion; I think we should put an
adjusted script in /etc/periodic/weekly. This seems to be a cleaner way than
using axfr on rootservers which don't notify us on changes. (Benefit: the
root.zone.gz is signed, axfr probably not.)

Personally I think this serves the same goal and hopefully in a less
annoying way, without having to worry (or argue!) about whether axfr is still
allowed for at least the next 2 years.


Just another 2 cents for your moneybag; what will you do with all that
'funding'? :)

With kind regards,
Thijs Eilander
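
The verify-then-install step of the weekly fetch proposed in the message above, as an added example (it is not Matthew Dillon's getroot script and not code from this thread): a POSIX sh helper that checks the signature before anything is decompressed, sanity-checks the zone, and swaps it in atomically so a failed or tampered download never replaces the working copy. The function names, the `VERIFY_CMD` hook, the detached-signature file and all paths are assumptions.

```shell
#!/bin/sh
# Added example for an /etc/periodic/weekly job. All names here are
# hypothetical; download root.zone.gz and its signature first (e.g. with
# fetch(1)) from a source you trust, then call install_root_zone.

# count_rr TYPE FILE: number of records of TYPE owned by the root (".").
count_rr() {
    awk -v t="$1" '$1 == "." {
            for (i = 2; i <= NF; i++) if (toupper($i) == t) { n++; break }
        }
        END { print n + 0 }' "$2"
}

# zone_sane FILE: reject empty or truncated zones before named ever loads them.
zone_sane() {
    [ -s "$1" ] || return 1
    [ "$(count_rr SOA "$1")" -ge 1 ] && [ "$(count_rr NS "$1")" -ge 2 ]
}

# install_root_zone GZ SIG DEST
# Returns 0 = installed, 2 = signature rejected, 3 = bad archive or zone,
# 1 = local error. DEST is only replaced on 0.
install_root_zone() {
    gz=$1
    sig=$2
    dest=$3
    # Assumption: SIG is a detached signature over GZ and the signer's key
    # is already in the local keyring. VERIFY_CMD lets you swap the verifier.
    if ! ${VERIFY_CMD:-gpg --verify} "$sig" "$gz" >/dev/null 2>&1; then
        return 2
    fi
    # Temp file in DEST's directory so the final mv is an atomic rename.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if ! gzip -dc "$gz" > "$tmp" 2>/dev/null || ! zone_sane "$tmp"; then
        rm -f "$tmp"
        return 3
    fi
    chmod 644 "$tmp" && mv -f "$tmp" "$dest"
}
```

A non-zero return is the signal to keep serving the previous file and report the failure in the periodic output rather than retrying silently.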






More information about the freebsd-stable mailing list