[dns-operations] FreeBSD and the slaving of the root zone

David Conrad drc at virtualized.org
Tue Jul 31 17:36:50 UTC 2007


On Jul 31, 2007, at 9:13 AM, Edward Lewis wrote:
> At 15:50 +0000 7/31/07, Paul Vixie wrote:
>
>> it's not my turn.  does everybody else think this is a good idea?  start
>> with the fact that root nameservers renumber from time to time, and go from
>> there.
>
> Let's start with the potential renumbering of the root servers.

Perhaps I'm dense, but I don't see how renumbering root servers is a  
big deal in this context.  Renumbering root servers is already hard.   
I'm not sure why this would make it any harder.  Of course, the  
difficulty in renumbering root servers argues for the /32s and /128s  
for root service to be fixed in concrete (that is, becoming  
essentially protocol elements standardized in an RFC), but I know  
some of the root server operators get the twitches when I raise this.

> An upside of having the root zone local is that the recursive server
> (assuming that's the function to cite) will not recurse to the root.
> Not for "good queries" and not for "bad queries."

Upsides include:
- greater decentralization that should reduce load
- DDoS attacks against the root servers would have less impact

Downsides include:
- increased load on the root servers as a result of the zone transfers

This downside could be alleviated by having the zone transfer source  
be different than the actual root servers.

Rgds,
-drc



