[dns-operations] FreeBSD and the slaving of the root zone
Doug Barton
dougb at dougbarton.us
Thu Aug 2 11:04:00 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Paul Vixie wrote:
> i am irritated about the change in the kind of load f-root will
> see, from diagnostic to production, of this service. i am NOT
> irritated about the load itself, and so, i'm not asking that
> f-root's name be removed; rather, i'm asking that the entire bad
> idea be rescinded.
Paul,
In rereading the various posts on this topic, a pair of dots connected
for me here that I must confess I missed completely the first time
through.
It never occurred to me to consider that you might have in mind
restrictions for how people use the AXFR capability. In my mind, "open
to AXFR" is "open," and the idea that you feel it _should_ be open
for one purpose, but _should not_ be open for other purposes honestly
never entered my mind. However Peter Losher responded in the thread on
the FreeBSD list with basically the same statement you made, so
obviously this idea is pretty deeply ingrained, at least at ISC.
To me (and this is apparently a rather naive view), "information wants
to be free," and so it didn't occur to me that there would be an
objection to using that information (or that method of access to it if
you will) for the purpose I put it to. I now understand why this
change generated this reaction (or this part of it anyway), and I'm
sorry for stepping on toes here.
FWIW, I sent messages today to the operators of all 5 axfr'able roots
asking if they would like to be removed from the FreeBSD named.conf.
Since the slaving behavior is now off by default, I think it's
reasonable to let things sit as they are for a little while till the
other 3 get a chance to digest this and respond. We have time before
this stuff gets shipped in a -RELEASE, so it can be removed altogether
down the road if needs be.
Doug
- --
If you're never wrong, you're not trying hard enough
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (FreeBSD)
iD8DBQFGsbofyIakK9Wy8PsRA6EgAJoCNXE5w3jxxqws8O7MRqOHAYdrSwCfRwLX
qs/39Tg3+WS0XnQt6N/hxmk=
=twIN
-----END PGP SIGNATURE-----
More information about the dns-operations
mailing list