[dns-operations] FreeBSD and the slaving of the root zone

Patrik Fältström patrik at frobbit.se
Tue Jul 31 21:56:50 UTC 2007


I do not like this.

Before doing anything like this I think:

- We need a distribution mechanism for the root zone that scales
- We need the root zone signed with DNSSEC (tsig is not enough for me)
- We need to know that the actual level of broken queries to the root  
servers will go down (if people today query for "localhost.", that  
indicate a broken full service resolver, so how will a similarly  
broken slave for root zone behave?)

Too many people (not on this list, in general), I claim, think this  
setup that rely on correctly configured full service resolvers will  
solve the problems of queries from misconfigured full service resolvers.

I.e. I have no idea what *real* problem this solves. So it feels like  
someone is looking for nails after they bought a new hammer (or  
something that they think look like a hammer).

    Patrik




More information about the dns-operations mailing list