forwarders are unreachable -> lookup fails?

Brad Knowles brad.knowles at
Thu Mar 22 12:12:22 UTC 2001

At 10:07 PM -0500 3/21/01, Kevin Darcy wrote:

>  Brad, I think we are miscommunicating here. I'm not arguing against local
>  caching; I'm arguing against -- or at least questioning the rationale of
>  -- forwarding.

	You're welcome to question rationale all you want.  However, I 
know what my own real-world large-scale experience is, and unless you 
can provide comparable real-world large-scale experience that is to 
the contrary, then I'm not likely to listen to your arguments.

	However, I know enough about Cricket, Jim, and Mark (in 
alphabetical order) that if they say something which I think is a 
good idea, is actually a bad idea, then I'm willing to set aside my 
own real-world large-scale experience and take their advice -- after 
all, while I feel I know a fair amount about the DNS in general and 
BIND in particular, I know that they know a lot more about it than I 

	Now, if they express an opinion of this sort, I'd like very much 
to know as many details as they can give me, so that I can better 
understand what's really going on.

	Even if I do get a complete explanation given to me, this doesn't 
mean that I won't collect some sample DNS query data and try running 
it through various nameserver configurations, to try to get a more 
detailed picture of what's actually happening.

	At Skynet, we had four Network Appliance NetCache C760 caching 
web proxy servers, each generating multiple gigabytes of log data per 
day.  It would be simple to take this kind of log information, strip 
out just the host/domain name portion of the query, run this through 
an offline set of caching nameservers in various configurations, and 
then take a look at the detailed stats as to what the average query 
response time is, numbers of queries per second handled by which 
machines, etc....

>                  You have chosen forwarding because you need -- or at least
>  _think_ you need -- "one-world consistency".

	The customers explicitly demanded it outright.  I know of at 
least two businesses that went Chapter 11 because of this problem 
(they missed contract deadlines because not all of their submissions 
made it to the designated recipient, or didn't make it on time), and 
it was the owners of these businesses that made the point abundantly 
clear (one of them made direct threats of extreme violence).

	Until you've had credible threats of violence made against you, 
your family, your pets, your property, and all your descendants, I 
don't think you can really provide me a convincing argument to the 

	I was fortunate in that I had an account on the Stratus mainframe 
systems that allowed me to go look up the information for the account 
in question, and if I thought that there was a real possibility of 
grave bodily harm being done to me, I could have provided this 
information to the police.  Fortunately, I never had to actually take 
this step, although I seriously considered it on several occasions.

	Read this 
story on slashdot, and the articles it links to at 
<> and 
This stuff is real.

Brad Knowles, <brad.knowles at>

/*     efdtt.c     Author:  Charles M. Hannum <root at>             */
/*                                                                         */
/*     Thanks to Phil Carmody <fatphil at> for additional tweaks.    */
/*                                                                         */
/*     Length:  434 bytes (excluding unnecessary newlines)                 */
/*                                                                         */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob           */
/*     where title-key = "153 2 8 105 225" or other similar 5-byte key     */

#define m(i)(x[i]^s[i+84])<<
unsigned char x[5],y,s[2048];main(n){for(read(0,x,5);read(0,s,n=2048);write(1,s
,n))if(s[y=s[13]%8+20]/16%4==1){int i=m(1)17^256+m(0)8,k=m(2)0,j=m(4)17^m(3)9^k

More information about the bind-users mailing list
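
The log-replay measurement described in the message (strip the host name out of each proxy log line, then feed the names to test nameservers), as an added example that is not part of the original message. It assumes Squid-style native access log lines, since the NetCache log layout is not given on the page; the sample lines and function names are constructed for illustration, and the output uses the one "name type" per line layout that query replay tools such as queryperf read.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines, Squid native access.log layout (an assumption).
SAMPLE_LOG = """\
985262000.101 120 10.0.0.5 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
985262000.350 15 10.0.0.6 TCP_HIT/200 812 GET http://WWW.Example.com./logo.gif - NONE/- image/gif
985262001.002 300 10.0.0.5 TCP_MISS/200 0 CONNECT secure.example.net:443 - DIRECT/192.0.2.20 -
985262001.440 80 10.0.0.7 TCP_MISS/200 2048 GET http://192.0.2.99/status - DIRECT/192.0.2.99 text/plain
985262002.000 95 10.0.0.8 TCP_MISS/404 310 GET http://cdn.example.org:8080/a.js - DIRECT/192.0.2.30 text/html
this line is truncated
"""

def host_from_line(line):
    """Return the lowercase DNS name requested in one log line, or None.
    Only the name is kept; client address and URL path are discarded."""
    fields = line.split()
    if len(fields) < 7:
        return None                      # truncated or foreign line
    method, target = fields[5], fields[6]
    if method == "CONNECT":
        target = "//" + target           # CONNECT logs host:port, not a URL
    try:
        host = urlsplit(target).hostname
    except ValueError:
        return None                      # malformed port or bracketed host
    if not host:
        return None
    host = host.rstrip(".").lower()      # fold case and trailing root dot
    try:
        ipaddress.ip_address(host)
        return None                      # IP literal: no lookup happens
    except ValueError:
        return host

def build_replay(log_text, qtype="A"):
    """Names in log order (order drives cache behaviour) and the replay text."""
    names = [h for h in map(host_from_line, log_text.splitlines()) if h]
    return names, "".join(f"{n} {qtype}\n" for n in names)

def summarize(names):
    """Totals plus the best hit ratio a perfect cache could reach on this trace."""
    counts = Counter(names)
    total, unique = len(names), len(counts)
    ceiling = (total - unique) / total if total else 0.0
    return {"total": total, "unique": unique, "hit_ceiling": ceiling,
            "top": counts.most_common(1)}

if __name__ == "__main__":
    names, replay = build_replay(SAMPLE_LOG)
    print(replay, summarize(names))
```

Replaying the same file against each nameserver configuration under test keeps the workload identical, so differences in response time and query rate come from the configuration rather than from the input.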