[dns-operations] FreeBSD and the slaving of the root zone
patrik at frobbit.se
Tue Jul 31 21:56:50 UTC 2007
I do not like this.
Before doing anything like this I think:
- We need a distribution mechanism for the root zone that scales
- We need the root zone signed with DNSSEC (tsig is not enough for me)
- We need to know that the actual level of broken queries to the root
servers will go down (if people today query for "localhost.", that
indicate a broken full service resolver, so how will a similarly
broken slave for root zone behave?)
Too many people (not on this list, in general), I claim, think this
setup that rely on correctly configured full service resolvers will
solve the problems of queries from misconfigured full service resolvers.
I.e. I have no idea what *real* problem this solves. So it feels like
someone is looking for nails after they bought a new hammer (or
something that they think look like a hammer).
More information about the dns-operations