Problems with named default configuration in 6-STABLE
Mark Andrews
Mark_Andrews at isc.org
Thu Jul 19 04:15:52 UTC 2007
> On 07/17/07 11:06, Heiko Wundram (Beenic) wrote:
> > On Tuesday 17 July 2007 10:52:43 Volker wrote:
> >> <snip>
> >> Relying on a zone transfer doesn't seem to be reliable to me as more
> >> than half of the root servers don't reply to AXFR requests.
> >
> > I've heard pretty much the same thing as you did wrt. root name servers
> > denying AXFR, but as "it works" (TM), I don't see a reason not to use it. And
> > it seems that the author of the FreeBSD default named.conf thought likewise,
> > which is pretty okay with me (from the experience I gathered this morning).
> >
> > By the way: using the roots as hints only adds to the number of requests your
> > server has to do in order to retrieve first-level domain name servers, so in
> > the end, the transmitted data should be way higher than doing one AXFR to
> > find them (simply because you'll see a large subset of those toplevel domains
> > being requested when you're publicly offering a DNS server). And the data
> > is also cached on an AXFR in persistent storage, which is another major
> > benefit (for me).
> >
>
> Remember, AXFR requires a TCP transfer and not every firewall will
> happily let it pass.
Then the firewall is misconfigured. Ordinary DNS lookups can require
TCP. That's what the "tc" flag is for.
>
> I (partially) agree to the speedup effects you mentioned but if just 5
> out of 13 root servers support AXFR, your bind will sit for a while to
> find a root server responding to its AXFR requests. That may eat up
> your speed improvements. Type hint for the root zone always works
> (regardless of the firewall and which root server is being queried).
>
> Volker
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
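
The truncation behaviour referred to in the reply above, as an added example that is not part of the original post: a resolver that receives a UDP response with the "tc" header bit set must repeat the query over TCP, so a firewall that only passes UDP/53 breaks ordinary lookups as well as AXFR. The function names and the sample messages are constructed for illustration.

```python
import struct

TC_BIT = 0x0200  # truncation flag in the DNS header flags word (RFC 1035)

def build_query(qname: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS query: RD set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in qname.rstrip(".").split(".") if part
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000),
            "tc": bool(flags & TC_BIT), "rcode": flags & 0x000F, "ancount": an}

def needs_tcp_retry(query: bytes, udp_response: bytes) -> bool:
    """True when the UDP answer was truncated and must be re-asked over TCP."""
    q, r = parse_header(query), parse_header(udp_response)
    if not r["qr"] or r["id"] != q["id"]:
        raise ValueError("not a response to this query")
    return r["tc"]

def frame_for_tcp(msg: bytes) -> bytes:
    """DNS over TCP prefixes each message with a 2-byte length field."""
    return struct.pack("!H", len(msg)) + msg

# Constructed samples: a TXT query and two header-only responses to it.
QUERY = build_query("example.com", 16)
TRUNCATED = struct.pack("!HHHHHH", 0x1234, 0x8300, 1, 0, 0, 0) + QUERY[12:]
COMPLETE = struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    for name, resp in (("truncated", TRUNCATED), ("complete", COMPLETE)):
        retry = needs_tcp_retry(QUERY, resp)
        print(f"{name}: tc={retry} -> {'retry over TCP/53' if retry else 'done'}")
```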