DNS ROOT understanding
Jim Reid
jim at rfc1035.com
Tue Sep 28 12:02:49 UTC 2004
>>>>> "Ladislav" == Ladislav Vobr <lvobr at ies.etisalat.ae> writes:
Nicolas> Is there a good way to monitor the life about Root
Nicolas> Server ? (ping ? dig ? other ?) in order to be warned
Nicolas> when there is a problem.
>> There is no point in doing this. So don't. Even if you did,
>> what are you going to do if you found a problem? [Which is
>> highly unlikely.] Who are you going to call? And would they
>> pay any attention to you?
Ladislav> it might be a very simple way of saying you have world
Ladislav> connectivity problems, I was doing it as well, maybe I
Ladislav> am still doing it, I have to check :-)
No you don't and this is not a good way of checking for "world
connectivity problems". Many of the root servers do anycasting. The
same IP address (well /24) is announced from many places on the
internet at once. So a poor RTT to one of these servers could be a
local routing or peering problem that has no bearing on a site's
"world connectivity". For example, there's an instance of the K root
server at Doha in Qatar. [See http://k.root-servers.org.] If your ISP
doesn't peer -- exchange routing info -- at that internet exchange,
queries from your net to k.root-servers.net could be going to London
or Frankfurt or....
Ladislav> when you run recursive servers, it might get very busy
Ladislav> when the world connectivity is not there, it is very
Ladislav> difficult on current binds to figure out why it is
Ladislav> busy, you can just guess, why your recursive queue is
Ladislav> full, it might be really different reasons, maybe single
Ladislav> nasty user, maybe lot of users with viruses, maybe
Ladislav> normal users but world connectivity problem....
So what? I fail to see how battering on the root servers can possibly
give someone any sort of insight into how busy or loaded their local
name servers are.
Ladislav> if you know immediately that you have this kind of
Ladislav> connectivity problems, you might possibly do some
Ladislav> action, like disable recursion, reload, and serve the
Ladislav> requests from the cache only, which is basically imho
Ladislav> better than having completely over-utilized server with
Ladislav> completely non-responsive service.
None of this is in any way relevant to monitoring the status of root
servers.
As I said before, DNS administrators should focus on making sure
*their* name servers were configured and operated correctly. This
would be much more helpful to everyone and a better use of resources
than monitoring the health of the root servers which are already
provisioned, configured and operated properly, as well as continually
monitored.