Acting as stealth slave for root zone
David Carmean
dlc at halibut.com
Wed Dec 8 03:18:19 UTC 2004
In the last couple of weeks, I've read pretty much all of the reporting
(that I can find on the web) that CAIDA et al. have done on the junk
queries sent to the root nameservers. [1][2] I noted that bogus queries
to the roots for unknown TLDs are reported in the literature at between
12% and 20% of the total load. dnstop output showed that my users and
their software are generating some number of queries for bogus TLDs. I
began to think about ways to become a better user of the root servers.
Eventually, I tried something that I fully expected not to work: I tried
to pull a copy of the root zone by zone transfer from the root servers
themselves. It worked! I'd expected the query to be refused.
So ... I set my test cache server up as a "stealth" slave for the root
zone, and behold, no more bogus TLD queries to the roots.
Is this new/temporary behavior? The spirited discussion a few weeks ago
engendered by the idea of grabbing the root zone by ftp would seem to
indicate that zone transfers have not always been permitted. Otherwise ...
why wouldn't others have tried this before me?
I'm not done testing this idea yet; is there anything obvious that I'm missing?
Is this a hole that's going to be closed back up? I would think that encouraging
this configuration could measurably reduce the load on the roots.
Cheers
--
[1] http://www.caida.org/projects/dns-analysis/status.xml
[2] http://dns.measurement-factory.com/
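
What the stealth-slave setup changes, as an added example that is not part of the original post: with a local copy of the root zone, a query whose last label is not a delegated TLD can be answered NXDOMAIN from that copy instead of going to a root server. The zone fragment, name server names and query list are constructed sample data, and the parser assumes fully expanded master-file lines (owner, TTL, class, type, rdata).

```python
"""Added example: which queries would a local root zone copy keep off the roots?"""

# Constructed root zone fragment; name server names are placeholders.
ROOT_ZONE_SAMPLE = """\
.     86400  IN SOA ns.root.example. admin.root.example. 2004120700 1800 900 604800 86400
.     518400 IN NS  ns.root.example.
com.  172800 IN NS  ns1.com-operator.example.
net.  172800 IN NS  ns1.net-operator.example.
org.  172800 IN NS  ns1.org-operator.example.
uk.   172800 IN NS  ns1.uk-operator.example.
ns1.com-operator.example. 172800 IN A 192.0.2.1  ; glue, ignored
"""

# Constructed query names, the kind of list dnstop would show.
QUERIES = ["www.example.com.", "printer.local.", "host.localdomain.",
           "mail.example.org.", "wpad.corp.", "192.168.1.10.",
           "example.net.", "fileserver.lan."]

def delegated_tlds(zone_text):
    """Return the single-label owners that carry NS records (the TLD delegations)."""
    tlds = set()
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) < 5 or fields[3].upper() != "NS":
            continue
        owner = fields[0].rstrip(".").lower()
        if owner and "." not in owner:  # "" is the root apex, not a TLD
            tlds.add(owner)
    return tlds

def classify(qname, tlds):
    """'delegated' gets a referral; 'bogus' gets NXDOMAIN from the local copy."""
    name = qname.strip().rstrip(".").lower()
    if not name:
        return "root"
    return "delegated" if name.rsplit(".", 1)[-1] in tlds else "bogus"

def summarize(queries, tlds):
    """Count queries per class and the share that would never need a root server."""
    counts = {"delegated": 0, "bogus": 0, "root": 0}
    for q in queries:
        counts[classify(q, tlds)] += 1
    counts["bogus_share"] = counts["bogus"] / len(queries) if queries else 0.0
    return counts

if __name__ == "__main__":
    tlds = delegated_tlds(ROOT_ZONE_SAMPLE)
    for q in QUERIES:
        print(f"{classify(q, tlds):9}  {q}")
    print(summarize(QUERIES, tlds))
```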