[dns-operations] Cloudflare hosting a root server?

Jim Reid jim at rfc1035.com
Fri Apr 14 12:10:37 UTC 2017


> On 14 Apr 2017, at 11:44, Thomas Steen Rasmussen <thomas at gibfest.dk> wrote:
> 
> The default FreeBSD named.conf[1] suggests slaving . and
> arpa zones from f-root.

That doesn’t mean the suggestion is a wise or desirable one.

> Not all the f-root servers permit
> AXFR apparently, meaning that a lot of FreeBSD servers
> can suddenly stop being able to slave the root zones, if
> anycast makes them hit a new non-axfr-enabled f-root
> server.

So don’t do that then. Either slave the zone from something that formally provides that service or choose another configuration for your name server(s).

BTW this “change” in F’s behaviour should hopefully explain why FreeBSD’s suggestion is flawed.

> Wouldn't it be a good idea to keep axfr "rules" persistent
> across all instances of a given root server?

No. There may well be all sorts of compelling operational reasons why an RSO might switch AXFRs on and off at will.

This could be a good idea if there was a document or contract which guaranteed that behaviour. But there isn’t.

Besides, addition or removal of anycast nodes can change the underlying routing topology while the xfer is in progress. So once you've established a TCP connection to the anycast node in say Copenhagen, packets could end up going to an anycast node elsewhere if that location then turns out to be “nearer” to you than the Copenhagen node.

> I will contact the maintainer of the FreeBSD bind port
> separately and suggest using ICANN's axfr servers [2] as
> default rather than f-root.

Good!





