Acting as stealth slave for root zone

Paul Vixie vixie at
Thu Dec 9 02:48:27 UTC 2004

David Carmean <dlc at> writes:

> > Certainly F has always allowed zone transfers of the root zone, even
> > when it was called NS.ISC.ORG back before the letter-names came into
> > being.  It is ISC's intention to permit AXFR of the root zone from
> > f-root, always.
> What are your thoughts as a root server operator about this as a
> technique to reduce the load on the roots?

I think it would have no effect, or make things worse.  97.9% of everything
f-root sees is crud, or so it says at

Running a stealth slave for the root zone could make things worse if you
fail to turn off NOTIFY.  It could possibly make things better if your
local resolvers are a major contributor to the "97.9% is crud".  Most
likely result is no difference, since statistically speaking if you're
clueful enough to run a stealth slave for the root zone, you already aren't
part of the "97.9% is crud" problem, and you've got the TLD NS RRsets in
your local caches, and you aren't hitting the root servers very hard at all.
Paul Vixie

More information about the bind-users mailing list