Acting as stealth slave for root zone
dlc at halibut.com
Thu Dec 9 22:28:15 UTC 2004
On Thu, Dec 09, 2004 at 09:46:18PM +0000, Thomas Schulz wrote:
> In article <cpag8g$e8q$1 at sf1.isc.org>, Paul Vixie <vixie at sa.vix.com> wrote:
> >David Carmean <dlc at halibut.com> writes:
> >> > Certainly F has always allowed zone transfers of the root zone, even
> >> > when it was called NS.ISC.ORG back before the letter-names came into
> >> > being. It is ISC's intention to permit AXFR of the root zone from
> >> > f-root, always.
> >> What are your thoughts as a root server operator about this as a
> >> technique to reduce the load on the roots?
> >I think it would have no effect, or make things worse. 97.9% of everything
> >f-root sees is crud, or so it says at
> > http://dns.measurement-factory.com/writings/wessels-pam2003-paper.pdf
> >Running a stealth slave for the root zone could make things worse if you
> >fail to turn off NOTIFY.
> What conditions would cause a slave to send a notify to a master? Or do
> I misunderstand what is being said?
If I understand correctly, although the RFC (1996) provides for NOTIFY
over TCP, BIND implements only UDP; the slaves flood UDP NOTIFY packets to
all the other listed nameservers for the zone in case the original NOTIFY
from the master is dropped en-route.
> > It could possibly make things better if your
> >local resolvers are a major contributor to the "97.9% is crud". Most
> >likely result is no difference, since statistically speaking if you're
> >clueful enough to run a stealth slave for the root zone, you already aren't
> >part of the "97.9% is crud" problem, and you've got the TLD NS RRsets in
> >your local caches, and you aren't hitting the root servers very hard at all.
Individually, my site won't make a measurable difference, but if this
practice were to become popular, perhaps it would make a dent.
More information about the bind-users