About root zones

Kevin Darcy kcd at chrysler.com
Tue Jan 3 20:46:35 UTC 2012


On 1/2/2012 2:16 PM, Barry Margolin wrote:
> In article<mailman.654.1325531095.68562.bind-users at lists.isc.org>,
>   Kevin Darcy<kcd at chrysler.com>  wrote:
>
>> I agree with Matus. BIND should be as self-sufficient as possible, and
>> not make any assumptions about the capability of and/or the data it
>> expects to get from the system resolver
> If the system resolver is good enough for every other application
> running on the system, it should be good enough for BIND.
See, there's the problem right there. Many of us see the BIND instance 
as forming part of an *infrastructure*, not just an *application* that 
happens to run on the machine. This distinction isn't just semantic. We 
have, for instance, totally separate groups who manage the OS'es of our 
servers (including the configuration of the system resolver), versus 
those of us in the Networking area who have responsibility for the DNS 
infrastructure itself.

Those server folks have strange ideas about name resolution. Strange 
enough that sometimes I don't even understand what the hell they are 
trying to accomplish. Or, they do know, but I think they indulge the 
end-users way too much (don't even get me started on shortname 
resolution, for instance, and the ugly hacks we're forced to maintain, 
supporting that bad habit).

So no, the system resolver is not "good enough for BIND". Not in my 
book. I'm responsible for BIND, I'm not going to stick my neck out 
making my subsystem dependent on someone's else's subsystem, when I have 
no confidence that they know what they're doing and/or that they're 
doing the right things.

Nor do I think it is particularly unusual for the Networking and Server 
responsibilities within an organization to belong to different groups, 
with different skillsets and competency levels. BIND is good at 
resolving names to addresses, so let it do the name resolution, without 
creating unnecessary dependencies which may cross organizational and 
possibly even trust boundaries. I've already outlined in my previous 
message some possible ways to obviate these "internal" queries, along 
with the suggestion that maybe at the end of the day it's actually more 
trouble than it's worth...

                                                                         
                                                                 - Kevin





More information about the bind-users mailing list