[dns-operations] Everyone as root server ? Was: FreeBSD and the slaving of the root zone

Michael Sinatra michael at rancid.berkeley.edu
Tue Jul 31 17:27:55 UTC 2007


Olafur Gudmundsson wrote:
> Let's raise the level on this discussion.
> 
> In my mind there are two separate issues and everyone is answering
> the second one while I was hoping for discussion on the first one.
> 
> I1: Is it a good idea to encourage people to turn their recursive servers into
>      root servers?

If you believe that most of the recursive servers out there are sending 
a significant enough amount of junk queries to the root servers, then 
yes.  By being their own roots, they short-circuit all of the junk.

If the junk queries can be mitigated in other ways (default local zones, 
for example) then maybe.  However, for a large enough recursive server, 
with a large enough client base, you may well get junk queries that just 
can't be mitigated--e.g. non-obvious local zones, random weird queries 
that have been discussed on this list in the past, etc.  If that's 
significant, then it *might* be beneficial to both the recursive server 
and to the root NSes to slave the root zone.

For a small workstation running its own caching nameserver, definitely 
not.  It's worth noting that the big caching nameservers at Berkeley 
have their configs generated from a database, so I am less likely to 
incorporate wholesale the changes that are committed to the default 
FreeBSD named.conf.  However, I tend to be more accepting of the default 
(slightly modified) named.conf on my FreeBSD workstation.  In other 
words, the method by which the slaving of the root zone is being 
encouraged may be targeting the wrong set of users.  (No, my workstation 
does not currently slave the root zone.)

> I2: How can the root zone be distributed to a million recursive servers in a
>      safe and timely manner?

This becomes relevant if we think that I1 has a "yes" answer.

>          Olafur (who has opinions but is suppressing them)

My opinion has always been "recursive servers should not slave the root 
zone, period."  However, given some of the garbage queries that the 
roots get, I wonder if this is the correct opinion.  If there were a 
best practice that stated "if you have a recursive server with more than 
XXX clients (or XXX QPS), then it is a net benefit to everyone to slave 
the root zone," the root servers might actually benefit from that. 
However, I am not sure we have enough data to really know.

michael


