Setting up a Root name server

chris chris at megabytecoffee.com
Sat Sep 4 00:24:51 UTC 1999



Cricket Liu wrote:

> chris <chris at megabytecoffee.com> wrote in message
> news:<37D04580.C60C62CF at megabytecoffee.com>...
> > > That's not going to be enough, for reasons I've already described.  When
> > > your name servers start up, they'll send a sysquery to one of the name
> > > servers in the root hints file--picked at random--and ask for the current
> > > list of roots.  13 out of 14 times that list will not include your internal
> > > root name server at all, so they won't use it.
> >
> > I don't suppose you can see a way around that? I don't want to run my servers
> > without the ability to fall back to the other root servers. Does BIND actually
> > randomly select a root server out of the hint file??
>
> If I read the source correctly, they'll all get random, low RTT values to
> begin with, and then the first query that requires contacting a root name
> server will go to the one that happened to get the lowest RTT.
>

But eventually, wouldn't the resolvers all settle on the DNS server with the
best RTT (mine)?

>
> You could make sure your internal root name server is the one your internal
> name servers contact *the first time* by listing only your internal root in
> the root hints file, but then you'd be in big trouble if your internal root
> failed and someone restarted an internal name server.  This also won't solve
> the problem of successive sysqueries, though it's more likely that these
> will be sent to the root name server with the lowest RTT, which will
> presumably be your internal root.  There's no guarantee of this, though.
>
> Then, finally, there's the problem of the number of root name servers.
> You're presumably going to add an NS record for your internal root name
> server to the root zone data file you're getting from NSI.  But there are
> only 13 root name servers on the Internet for good reason:  More than that
> and the records won't fit into a 512 byte UDP response.  Consequently, if
> you add a 14th NS record and a 14th A record, your internal name servers
> will get truncated UDP responses to their sysqueries when they query your
> internal root.  Modern name servers will retry over TCP, but your internal
> root can't service nearly as many TCP queries as it can UDP.  I guess you
> could just delete one of a-m.root-servers.net from your root zone data file.
> I'd delete the one farthest away from you.
>

Killing off one root nameserver I can live with. What I'm trying to avoid is
killing off everything but mine: I have to update the zones twice a day, and I
don't want to lose DNS services during that time.


>
> Anyway, what I think all of us are trying to get at is simply that the
> problem is thornier than it at first sounds.
>

I'm a DNS admin; I wouldn't be doing this if I didn't like thorns. Besides, even
if this can't be done, I'll just chalk it up as a learning experience.


- Chris
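The 512-byte constraint Cricket describes above can be measured rather than guessed at. The following is an added example, not code from the thread or from BIND: it wire-encodes the response to a `. NS` priming query (NS records plus A glue, with RFC 1035 name compression) and reports whether it fits a classic UDP reply. The server names are the real a-m.root-servers.net set of the era; the addresses and the `ns.internal.example.` host are constructed placeholders, since only the names affect the size.

```python
import struct

# Constructed sample: the 13 root server names with placeholder TEST-NET
# addresses (192.0.2.x); the addresses do not change the encoded size.
ROOT_SERVERS = [(f"{chr(c)}.root-servers.net.", f"192.0.2.{i}")
                for i, c in enumerate(range(ord("a"), ord("m") + 1), start=1)]

def encode_name(name, offset, table):
    """Wire-encode a dotted name placed at message offset `offset`, emitting a
    compression pointer for the first suffix already recorded in `table`."""
    labels = [lbl for lbl in name.rstrip(".").split(".") if lbl]
    out = bytearray()
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:]).lower()
        if suffix in table:                       # suffix seen earlier: 2-byte pointer
            out += struct.pack("!H", 0xC000 | table[suffix])
            return bytes(out)
        table[suffix] = offset + len(out)         # remember where this suffix starts
        out += bytes([len(label)]) + label.encode()
    return bytes(out + b"\x00")                   # root label terminates the name

def priming_response(servers, ttl=3600000):
    """Build the reply to a '. NS' sysquery: NS records in the answer section
    and A glue in the additional section, the way a root server answers it."""
    table = {}
    # ID, flags (QR|AA), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    msg = bytearray(struct.pack("!HHHHHH", 0x1234, 0x8400, 1, len(servers), 0, len(servers)))
    msg += encode_name(".", len(msg), table) + struct.pack("!HH", 2, 1)  # QTYPE NS, QCLASS IN
    for host, _ in servers:
        msg += encode_name(".", len(msg), table) + struct.pack("!HHI", 2, 1, ttl)
        rdata = encode_name(host, len(msg) + 2, table)                   # +2 skips RDLENGTH
        msg += struct.pack("!H", len(rdata)) + rdata
    for host, ip in servers:
        msg += encode_name(host, len(msg), table) + struct.pack("!HHIH", 1, 1, ttl, 4)
        msg += bytes(int(octet) for octet in ip.split("."))
    return bytes(msg)

def fits_in_udp(servers, limit=512):
    """True when the priming response fits a classic (pre-EDNS) UDP reply; if it
    does not, the server sets TC and the resolver has to retry over TCP."""
    return len(priming_response(servers)) <= limit

if __name__ == "__main__":
    internal = ROOT_SERVERS + [("ns.internal.example.", "192.0.2.99")]  # constructed 14th root
    for label, servers in (("13 roots", ROOT_SERVERS), ("13 roots + internal", internal)):
        size = len(priming_response(servers))
        print(f"{label}: {size} bytes, fits in 512-byte UDP: {fits_in_udp(servers)}")
```

Swap in your own hint set (including an internal root with a long, uncompressible name) to see how close it comes to the truncation point before deciding which public root to drop.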
