[dns-operations] The (very) uneven distribution of DNS root servers on the Internet

Mark Andrews marka at isc.org
Thu May 17 00:10:59 UTC 2012


I bet there are plenty of servers configured with the equivalent
of the following.

	zone "." {
		type slave;
		masters { 192.5.5.241; };
		file "slave/root";
		notify master;	// Don't bother the official roots.
	};

If F ever moves IPv4 address or connectivity breaks for a week or
more the zone will expire.  The default SOA timers cause changes
to propagate in 30 minutes without NOTIFY.

I have the above in one view and the following in a second view
that gets all the recursive queries and validates the results.  That
way if I'm fed garbage I'll know about it.  This directs anything
that would normally be asked to the root servers to the first zone
that has a local copy of ".".

        zone . {
                type static-stub;
                server-addresses { 127.0.0.1; };
        };

If this was made more common "notify master;" may need to be the
default when configuring a root zone to prevent NOTIFY blow back.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
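
A staleness check for the failure mode described in the message above (a secondary copy of "." that expires when its single master stays unreachable), as an added example that is not part of the original post. The SOA string is constructed (the timers match the 30 minute and one week figures in the message, the serial is made up), and `secondary_state`, `warn_fraction` and the source of the `last_ok` timestamp are assumptions of this example.

```python
from dataclasses import dataclass

# Constructed sample: SOA rdata with refresh 1800 s, retry 900 s,
# expire 604800 s (one week). The serial is made up.
SAMPLE_SOA = ("a.root-servers.net. nstld.verisign-grs.com. "
              "2012051700 1800 900 604800 86400")


@dataclass(frozen=True)
class SoaTimers:
    serial: int
    refresh: int
    retry: int
    expire: int


def parse_soa(rdata: str) -> SoaTimers:
    """Parse SOA rdata: mname rname serial refresh retry expire minimum."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}")
    serial, refresh, retry, expire, _minimum = (int(f) for f in fields[2:])
    return SoaTimers(serial, refresh, retry, expire)


def secondary_state(soa: SoaTimers, last_ok: int, now: int,
                    warn_fraction: float = 0.5) -> str:
    """Classify a secondary zone by time since its last successful refresh.

    last_ok and now are Unix timestamps. last_ok is assumed to come from
    your own monitoring of successful SOA checks or zone transfers.
    """
    age = now - last_ok
    if age < 0:
        raise ValueError("last_ok is in the future")
    if age >= soa.expire:
        return "expired"       # the server stops answering from this zone
    if age >= soa.expire * warn_fraction:
        return "expiring"      # master unreachable for a large part of expire
    if age >= soa.refresh:
        return "retrying"      # refresh missed, retried every soa.retry seconds
    return "fresh"


def seconds_until_expiry(soa: SoaTimers, last_ok: int, now: int) -> int:
    """Seconds left before the zone expires, never negative."""
    return max(0, soa.expire - (now - last_ok))
```

Alerting on "expiring" rather than "expired" leaves time to point the zone at a reachable master before the local copy of the root is dropped.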


