DNS ROOT understanding

Jim Reid jim at rfc1035.com
Tue Sep 28 12:02:49 UTC 2004


>>>>> "Ladislav" == Ladislav Vobr <lvobr at ies.etisalat.ae> writes:

    Nicolas> Is there a good way to monitor the life about Root
    Nicolas> Server? (ping? dig? other?) in order to be warned
    Nicolas> when there is a problem.
    >>  There is no point in doing this. So don't. Even if you did,
    >> what are you going to do if you found a problem? [Which is
    >> highly unlikely.]  Who are you going to call? And would they
    >> pay any attention to you?

    Ladislav> it might be a very simple way of saying you have
    Ladislav> world connectivity problems, I was doing it as well, maybe I
    Ladislav> am still doing it, I have to check :-)

No you don't and this is not a good way of checking for "world
connectivity problems". Many of the root servers do anycasting. The
same IP address (well /24) is announced from many places on the
internet at once. So a poor RTT to one of these servers could be a
local routing or peering problem that has no bearing on a site's
"world connectivity". For example, there's an instance of the K root
server at Doha in Qatar. [See http://k.root-servers.org.] If your ISP
doesn't peer -- exchange routing info -- at that internet exchange,
queries from your net to k.root-servers.net could be going to London
or Frankfurt or....

    Ladislav> when you run recursive servers, it might get very busy
    Ladislav> when the world connectivity is not there, it is very
    Ladislav> difficult on current binds to figure out why it is
    Ladislav> busy, you can just guess, why your recursive queue is
    Ladislav> full, it might be really different reasons, maybe single
    Ladislav> nasty user, maybe a lot of users with viruses, maybe
    Ladislav> normal users but world connectivity problem....

So what? I fail to see how battering on the root servers can possibly
give someone any sort of insight into how busy or loaded their local
name servers are.

    Ladislav> if you know immediately that you have this kind of
    Ladislav> connectivity problems, you might possibly do some
    Ladislav> action, like disable recursion, reload, and serve the
    Ladislav> requests from the cache only, which is basically imho
    Ladislav> better than having completely over-utilized server with
    Ladislav> completely non-responsive service.

None of this is in any way relevant to monitoring the status of root
servers.

As I said before, DNS administrators should focus on making sure
*their* name servers were configured and operated correctly. This
would be much more helpful to everyone and a better use of resources
than monitoring the health of the root servers which are already
provisioned, configured and operated properly, as well as continually
monitored.

