Acting as stealth slave for root zone

Mark Andrews Mark_Andrews at
Thu Dec 9 22:39:10 UTC 2004

> In article <cpag8g$e8q$1 at>, Paul Vixie  <vixie at> wrote:
> >David Carmean <dlc at> writes:
> >
> >> > Certainly F has always allowed zone transfers of the root zone, even
> >> > when it was called NS.ISC.ORG back before the letter-names came into
> >> > being.  It is ISC's intention to permit AXFR of the root zone from
> >> > f-root, always.
> >> 
> >> What are your thoughts as a root server operator about this as a
> >> technique to reduce the load on the roots?
> >
> >I think it would have no effect, or make things worse.  97.9% of everything
> >f-root sees is crud, or so it says at
> >
> >
> >
> >Running a stealth slave for the root zone could make things worse if you
> >fail to turn off NOTIFY.
> What conditions would cause a slave to send a notify to a master?  Or do
> I misunderstand what is being said?

	Named is configured to "just work" with the following configuration.

			master -> slave -> other slaves

	This requires a slave to NOTIFY other slaves.  This is also what
	is required by RFC 1996.

	BIND 9.4 will have "notify master;" which just causes master zones
	to send out NOTIFY messages.

> > It could possibly make things better if your
> >local resolvers are a major contributor to the "97.9% is crud".  Most
> >likely result is no difference, since statistically speaking if you're
> >clueful enough to run a stealth slave for the root zone, you already aren't
> >part of the "97.9% is crud" problem, and you've got the TLD NS RRsets in
> >your local caches, and you aren't hitting the root servers very hard at all.
> >-- 
> >Paul Vixie
> >
> -- 
> Tom Schulz
> schulz at
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at

More information about the bind-users mailing list