named.conf restored to hint zone for the root by default

Doug Barton dougb at FreeBSD.org
Sat Aug 4 16:24:20 PDT 2007


Oliver Fromme wrote:

> By the way, I have changed from hints to slaves on the DNS
> servers for a large server farm (just testing right now;
> I might go back to hints if I don't feel it's worth it).

Depending on how many name servers you have you might get a bigger win
by slaving the root to one server, then slaving it to the others from
your "local master." If you're only talking about a few name servers
it's probably not worth it though.

> It _seems_ a few applications run with lower latency, but
> I'll need to run some benchmarks in order to get some hard
> numbers.

If your stuff is relatively well behaved, and generally only queries a
few TLDs you might not get much of a benefit in terms of reduced
latency. In this scenario the main advantage is better resilience to a
root DDoS.

Where this technique really works well is a scenario where you are
answering a lot of "random" queries that could potentially include
invalid TLDs and other "junk." Not sending those queries to the roots
helps reduce traffic for them and for you, and gives you much better
latency on the inevitable NXDOMAIN response.

hth,

Doug

-- 

    This .signature sanitized for your protection
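
The two-tier arrangement described in the message above, sketched as an added example; it is not part of the original e-mail and not FreeBSD's shipped named.conf. All addresses, the ACL name and the file names are assumptions: 192.0.2.53 is a placeholder for an upstream that permits transfer of the root zone, 10.0.0.1 is the "local master," and 10.0.0.2 and 10.0.0.3 are the other name servers in the farm.

```conf
// ---- named.conf on the "local master" (10.0.0.1, constructed address) ----
acl farm { 10.0.0.2; 10.0.0.3; };       // hypothetical ACL: the other resolvers

zone "." {
	type slave;
	file "slave/root.slave";             // assumed path for the transferred copy
	masters { 192.0.2.53; };             // placeholder: upstream allowing root AXFR
	allow-transfer { farm; };            // only the farm may pull the zone from here
	notify explicit;                     // never NOTIFY the NS set of the root zone
	also-notify { 10.0.0.2; 10.0.0.3; }; // tell the farm when a new serial arrives
};

// ---- named.conf on every other name server in the farm ----
zone "." {
	type slave;
	file "slave/root.slave";
	masters { 10.0.0.1; };               // pull from the local master, not upstream
	allow-transfer { none; };            // leaf servers hand the zone to nobody
	notify no;
};

// ---- the hint-zone alternative, for comparison (one "." zone per server) ----
// zone "." { type hint; file "named.root"; };   // assumed hints file name
```

With the slave copy loaded, a query for a nonexistent TLD is answered NXDOMAIN from local data instead of being sent to a root server, which is the latency and resilience effect the message describes.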



More information about the freebsd-stable mailing list