Acting as stealth slave for root zone

David Carmean dlc at
Thu Dec 9 22:28:15 UTC 2004

On Thu, Dec 09, 2004 at 09:46:18PM +0000, Thomas Schulz wrote:
> In article <cpag8g$e8q$1 at>, Paul Vixie  <vixie at> wrote:
> >David Carmean <dlc at> writes:
> >
> >> > Certainly F has always allowed zone transfers of the root zone, even
> >> > when it was called NS.ISC.ORG back before the letter-names came into
> >> > being.  It is ISC's intention to permit AXFR of the root zone from
> >> > f-root, always.
> >> 
> >> What are your thoughts as a root server operator about this as a
> >> technique to reduce the load on the roots?
> >
> >I think it would have no effect, or make things worse.  97.9% of everything
> >f-root sees is crud, or so it says at
> >
> >
> >
> >Running a stealth slave for the root zone could make things worse if you
> >fail to turn off NOTIFY.
> What conditions would cause a slave to send a notify to a master?  Or do
> I misunderstand what is being said?

If I understand correctly, although the RFC (1996) provides for NOTIFY 
over TCP, BIND implements only UDP; the slaves flood UDP NOTIFY packets to 
all the other listed nameservers for the zone in case the original NOTIFY 
from the master is dropped en-route.

> > It could possibly make things better if your
> >local resolvers are a major contributor to the "97.9% is crud".  Most
> >likely result is no difference, since statistically speaking if you're
> >clueful enough to run a stealth slave for the root zone, you already aren't
> >part of the "97.9% is crud" problem, and you've got the TLD NS RRsets in
> >your local caches, and you aren't hitting the root servers very hard at all.

Individually, my site won't make a measurable difference, but if this
practice were to become popular, perhaps it would make a dent.

More information about the bind-users mailing list