nanog mailing list archives
Re: Local root zone (Was NYTimes: Egypt Leaders Found ‘Off’ Switch for Internet)
From: Doug Barton <dougb () dougbarton us>
Date: Wed, 16 Feb 2011 13:22:05 -0800
On 02/16/2011 11:50, Franck Martin wrote:
> ----- Original Message -----
> From: "Martin Millnert"<millnert () gmail com>
> To: "Marshall Eubanks"<tme () americafree tv>
> Cc: "North American Network Operators Group"<nanog () nanog org>
> Sent: Thursday, 17 February, 2011 8:28:22 AM
> Subject: Re: NYTimes: Egypt Leaders Found ‘Off’ Switch for Internet
>
> On Wed, Feb 16, 2011 at 9:09 AM, Marshall Eubanks<tme () americafree tv> wrote:
> On Feb 16, 2011, at 12:15 AM, Joly MacFie wrote:
> "Operating local IRC networks is good, as is having local OS mirrors, such as Debian/Ubuntu and let's not forget, having a resilient DNS configuration (root zone copy hint 101: "dig @k.root-servers.net. . axfr"). A securely distributed
>
> Would it make sense for an ISP to "store" the root zone on their DNS servers instead of letting it be refreshed by the DNS cache? A cron job could refresh it from time to time. It would avoid entries from expiring and would always serve to clients entries with max ttl? A root server would be better, but that could be an intermediary step? Just speaking out loud here, so it may be total nonsense...

This is a subject of intense debate amongst the DNS literati:

CON:
1. Failure to pay attention to your setup could cause you to have a stale root zone.

PRO:
1. Faster local resolution for your users, especially for malformed queries.
2. No spurious traffic will be sent from your network to the roots
3. Greater resilience to any potential root server failure/DDoS

Personally I've been doing it for years, never had a problem. On larger sites where I have a lot of resolvers I make the hidden master a slave for the root zone, and also allow the local resolvers to slave it from the hidden master to be more net.friendly. For BIND, make sure you include "notify no;" in your zone{} statement.

hth,

Doug

--
Nothin' ever doesn't change, but nothin' changes much.
	-- OK Go

Breadth of IT experience, and
depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
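
An added example, not part of the message above and not BIND's own code: a monitoring check for the CON listed in the reply (a local root copy going stale unnoticed). It assumes the root SOA serial is date-encoded as YYYYMMDDNN and that the copy is available as text in the one-line form `dig` prints; `check_root_copy`, `max_age_days` and the sample SOA line are constructed for illustration.

```python
import re
from datetime import date, datetime

# Constructed sample (not from the thread): a root SOA line in the one-line
# form dig prints. Fields after the two names: serial refresh retry expire minimum.
SAMPLE_SOA = (". 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. "
              "2011021600 1800 900 604800 86400")

SOA_RE = re.compile(
    r"^\.\s+(?:\d+\s+)?(?:IN\s+)?SOA\s+\S+\s+\S+\s+"
    r"(\d{10})\s+\d+\s+\d+\s+(\d+)\s+\d+", re.I | re.M)


def parse_root_soa(zone_text):
    """Return (serial, serial_date, expire_seconds) from the root SOA record."""
    m = SOA_RE.search(zone_text)
    if not m:
        raise ValueError("no root SOA record found")
    # Assumption: the serial is date-encoded as YYYYMMDDNN.
    serial_date = datetime.strptime(m.group(1)[:8], "%Y%m%d").date()
    return int(m.group(1)), serial_date, int(m.group(2))


def check_root_copy(zone_text, today, max_age_days=2):
    """Classify a local root zone copy as OK, STALE or EXPIRED.

    The serial's date stands in for "last successful refresh"; max_age_days
    is a hypothetical alert threshold, not a value from the thread.
    """
    _, serial_date, expire = parse_root_soa(zone_text)
    age_days = (today - serial_date).days
    if age_days * 86400 >= expire:
        return "EXPIRED", age_days   # older than the SOA expire field
    if age_days > max_age_days:
        return "STALE", age_days     # transfers have probably stopped
    return "OK", age_days


if __name__ == "__main__":
    # In a cron job, pass the text of the transferred zone file instead.
    print(check_root_copy(SAMPLE_SOA, date.today()))
```

Run from cron next to the transfer job, a STALE or EXPIRED result is the signal that the local copy is no longer tracking the published root zone.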