Acting as stealth slave for root zone
barmar at alum.mit.edu
Fri Dec 10 00:23:33 UTC 2004
In article <cpakt0$12il$1 at sf1.isc.org>, David Carmean <dlc at halibut.com>
> On Thu, Dec 09, 2004 at 09:46:18PM +0000, Thomas Schulz wrote:
> > In article <cpag8g$e8q$1 at sf1.isc.org>, Paul Vixie <vixie at sa.vix.com>
> > wrote:
> > >David Carmean <dlc at halibut.com> writes:
> > >
> > >> > Certainly F has always allowed zone transfers of the root zone, even
> > >> > when it was called NS.ISC.ORG back before the letter-names came into
> > >> > being. It is ISC's intention to permit AXFR of the root zone from
> > >> > f-root, always.
> > >>
> > >> What are your thoughts as a root server operator about this as a
> > >> technique to reduce the load on the roots?
> > >
> > >I think it would have no effect, or make things worse. 97.9% of everything
> > >f-root sees is crud, or so it says at
> > >
> > > http://dns.measurement-factory.com/writings/wessels-pam2003-paper.pdf
> > >
> > >Running a stealth slave for the root zone could make things worse if you
> > >fail to turn off NOTIFY.
> > What conditions would cause a slave to send a notify to a master? Or do
> > I misunderstand what is being said?
> If I understand correctly, although the RFC (1996) provides for NOTIFY
> over TCP, BIND implements only UDP; the slaves flood UDP NOTIFY packets to
> all the other listed nameservers for the zone in case the original NOTIFY
> from the master is dropped en-route.
That's not the reason. They notify other slaves because it's possible
that some of the slaves pull their zone transfers from this slave rather
than the primary master. So every server, when it reloads the zone,
notifies all the servers listed in the NS records.
Barry Margolin, barmar at alum.mit.edu
*** PLEASE post questions in newsgroups, not directly to me ***
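
The NOTIFY point discussed in this thread, as an added BIND 9 `named.conf` sketch that is not part of any poster's message. The zone file path is hypothetical, and the master address is assumed to be f.root-servers.net (it does not appear in the thread, so verify it before use).

```conf
// Added example: stealth slave for the root zone with NOTIFY disabled.
// "slave/root.zone" is a hypothetical path.
// 192.5.5.241 is assumed to be f.root-servers.net; confirm before use.

zone "." {
    type slave;
    masters { 192.5.5.241; };
    file "slave/root.zone";

    // With the default (notify yes), this server would send a NOTIFY to
    // every name server listed in the zone's NS records each time it
    // loads a new copy of the zone. For the root zone those NS records
    // are the root servers themselves, so a stealth slave would add
    // traffic to the roots instead of removing it.
    notify no;

    // A stealth slave is not listed in the NS RRset and has no
    // downstream slaves of its own, so it has no one to transfer to.
    allow-transfer { none; };
};
```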