[dns-operations] FreeBSD and the slaving of the root zone
David Conrad
drc at virtualized.org
Tue Jul 31 22:56:54 UTC 2007
On Jul 31, 2007, at 2:56 PM, Patrik Fältström wrote:
> Before doing anything like this I think:
>
> - We need a distribution mechanism for the root zone that scales
Yep.
> - We need the root zone signed with DNSSEC (tsig is not enough for me)
I think this is orthogonal, but https://ns.iana.org/dnssec/
status.html (:-)). More seriously, it may be possible that
separating the zone publication from zone serving could result in
getting a signed root zone out more quickly (the rationale being that
in theory at least, you have to be slightly more DNS cognizant to be
able to set up a root slave and thus, would be willing to participate
in a root zone DNSSEC experiment). I don't know if anyone has
seriously proposed something like this, but there might be a remote
chance it could fly...
> - We need to know that the actual level of broken queries to the root
> servers will go down (if people today query for "localhost.", that
> indicate a broken full service resolver, so how will a similarly
> broken slave for root zone behave?)
I thought Malone's paper indicated it did have that effect (albeit
the effect was negated by the zone transfers)...
Rgds,
-drc
More information about the dns-operations
mailing list