forwarders are unreachable -> lookup fails?
Brad Knowles
brad.knowles at skynet.be
Thu Mar 22 12:12:22 UTC 2001
At 10:07 PM -0500 3/21/01, Kevin Darcy wrote:
> Brad, I think we are miscommunicating here. I'm not arguing against local
> caching; I'm arguing against -- or at least questioning the rationale of
> -- forwarding.
You're welcome to question rationale all you want. However, I
know what my own real-world large-scale experience is, and unless you
can provide comparable real-world large-scale experience that is to
the contrary, then I'm not likely to listen to your arguments.
However, I know enough about Cricket, Jim, and Mark (in
alphabetical order) that if they say something which I think is a
good idea, is actually a bad idea, then I'm willing to set aside my
own real-world large-scale experience and take their advice -- after
all, while I feel I know a fair amount about the DNS in general and
BIND in particular, I know that they know a lot more about it than I
do.
Now, if they express an opinion of this sort, I'd like very much
to know as much details as they can give me, so that I can better
understand what's really going on.
Even if I do get a complete explanation given to me, this doesn't
mean that I won't collect some sample DNS query data and try running
it through various nameserver configurations, to try to get a more
detailed picture of what's actually happening.
At Skynet, we had four Network Appliance NetCache C760 caching
web proxy servers, each generating multiple gigabytes of log data per
day. It would be simple to take this kind of log information, strip
out just the host/domain name portion of the query, run this through
an offline set of caching nameservers in various configurations, and
then take a look at the detailed stats as to what the average query
response time is, numbers of queries per second handled by which
machines, etc....
> You have chosen forwarding because you need -- or at least
> _think_ you need -- "one-world consistency".
The customers explicitly demanded it outright. I know of at
least two businesses that went Chapter 11 because of this problem
(they missed contract deadlines because not all of their submissions
made it to the designated recipient, or didn't make it on time), and
it was the owners of these businesses that made the point abundantly
clear (one of them made direct threats of extreme violence).
Until you've had credible threats of violence made against you,
your family, your pets, your property, and all your descendants, I
don't think you can really provide me a convincing argument to the
contrary.
I was fortunate in that I had an account on the Stratus mainframe
systems that allowed me to go look up the information for the account
in question, and if I thought that there was a real possibility of
grave bodily harm being done to me, I could have provided this
information to the police. Fortunately, I never had to actually take
this step, although I seriously considered it on several occasions.
Read this
<http://slashdot.org/article.pl?sid=01/03/21/030230&mode=thread>
story on slashdot, and the articles it links to at
<http://www.villagevoice.com/issues/0112/ferrandino.shtml> and
<http://www.salon.com/tech/feature/1999/10/12/gay_aol/index.html>.
This stuff is real.
--
Brad Knowles, <brad.knowles at skynet.be>
/* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
/* */
/* Thanks to Phil Carmody <fatphil at asdf.org> for additional tweaks. */
/* */
/* Length: 434 bytes (excluding unnecessary newlines) */
/* */
/* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
/* where title-key = "153 2 8 105 225" or other similar 5-byte key */
#define m(i)(x[i]^s[i+84])<<
unsigned char x[5],y,s[2048];main(n){for(read(0,x,5);read(0,s,n=2048);write(1,s
,n))if(s[y=s[13]%8+20]/16%4==1){int i=m(1)17^256+m(0)8,k=m(2)0,j=m(4)17^m(3)9^k
*2-k%8^8,a=0,c=26;for(s[y]-=16;--c;j*=2)a=a*2^i&1,i=i/2^j&1<<24;for(j=127;++j<n
;c=c>y)c+=y=i^i/8^i>>4^i>>12,i=i>>8^y<<17,a^=a>>14,y=a^a*8^a<<6,a=a>>8^y<<9,k=s
[j],k="7Wo~'G_\216"[k&7]+2^"cr3sfw6v;*k+>/n."[k>>4]*2^k*257/8,s[j]=k^(k&k*2&34)
*6^c+~y;}}
More information about the bind-users
mailing list