[dns-operations] FreeBSD and the slaving of the root zone

Blacka, David davidb at verisign.com
Thu Aug 2 13:36:29 UTC 2007


David Malone wrote:

> In terms of maintainability of the DNS system, I think slaving the
> root zone is roughly similar to the existing hints method. Both
> methods hardcode a list of IP addresses, which can gradually go
> stale as root servers renumber. In practice this makes the slave
> method less robust at the moment, simply because it has fewer IPs
> that give AXFRs of the root.

BIND and some other caching resolvers generally only use the root hints
for "priming" (or, perhaps, more accurately, they use the root hints
only until priming is complete).  With priming, you only actually need
to have one of the 13 IP addresses correct in the hints file.  After (at
most) 12 priming attempts, the resolver will get the current set of root
servers and be on its merry way.

So, in this sense, the root hints method is significantly more robust
than slaving the root.

-- 
David Blacka                          <davidb at verisign.com>
Sr. Engineer    VeriSign Infrastructure Product Engineering
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5033 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20070802/cca91d01/attachment.bin>


More information about the dns-operations mailing list