Just got on this thing (perhaps very belatedly) - root server trouble?

>
>We've been running on eDNS now for something like seven months, and have
>had ZERO operational incidents recorded by our NOC which have been related
>to root server failures or problems.

Somehow, I'm not impressed. Say, shouldn't the inability of any AOL customers
to send email to user@domain.audio be considered an operational problem?

One that should be taken up with IANA, in my opinion, but heh, there are
differing opinions on this.

And shouldn't "root servers" have recursive queries turned off?:

Until VERY recently they weren't on the existing roots. And, by the way,
while we're talking about that, what is this about hosting the 800,000-some-
odd NSI domains on the roots?

BTW, there are 2010-compliant roots going in. And, if you secondary root
from us, you'll get that update automatically when it happens.....

And what happens if usage of the eDNS root servers goes up? The eDNS
root servers don't appear to be very well situated network-wise,
either. It looks like all of them are in North America. The IANA has
at least one non-North American root server (i.root-servers.net).

Only one. Again, there's a fix for this. It's called more participation.

But since this is the NORTH AMERICAN network operations group, I would think
that the issue would be exactly that -- North America.... :)

Diversity is also being improved. I expect to be able to announce two or
three additional divergent root servers, on major backbone networks, within
the next few weeks.

The point at hand, though, is that we haven't had *any* operational incidents
since eDNS was launched that could be in any way traced to the other root
servers. None at all.

Meanwhile, there have been several service-affecting issues on the
IANA-sponsored roots in the same time frame.

What was that edict again? "Rough consensus and operational code"? We
certainly do seem to have that.

In <199702180144.TAA23839@Jupiter.Mcs.Net>,

> And shouldn't "root servers" have recursive queries turned off?:

Until VERY recently they weren't on the existing roots. And, by the way,
while we're talking about that, what is this about hosting the 800,000-some-
odd NSI domains on the roots?

Nice dodge. But you do then admit to having recursion available on
your "new improved r00t n@m3s3rv3rs" for several months, until someone
else pointed it out to you?

"They did the same thing a while back!" isn't an acceptable answer. (I
don't even think it's true. I haven't seen a recursive query answered
via a root nameserver since I started actively doing DNS administration
over a year ago.) Even if that is so, you shouldn't have made the same
mistake, especially *after* the operators of the IANA root servers
corrected the misconfiguration.

The point at hand, though, is that we haven't had *any* operational incidents
since eDNS was launched that could be in any way traced to the other root
servers. None at all.

Meanwhile, there have been several service-affecting issues on the
IANA-sponsored roots in the same time frame.

I haven't seen any problems because of these supposed "service-affecting
issues". Perhaps you should check the quality of your network connectivity?

What was that edict again? "Rough consensus and operational code"? We
certainly do seem to have that.

The code's fine; it just appears you don't know how to configure it correctly.
Try reading the BIND Operations Guide (BOG) next time; it says explicitly
that the root nameservers should run with "options no-recursion".
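
Added example, not part of either message in this thread: a server with recursion disabled answers a query that has the RD (recursion desired) bit set by leaving the RA (recursion available) bit clear and returning a referral or a refusal, which can be checked from the 12-byte DNS header defined in RFC 1035. The function names and the header-only sample responses below are constructed for illustration.

```python
import struct

def build_query(name, qtype=1, txid=0x1234, rd=True):
    """Encode an RFC 1035 query; rd=True sets the recursion-desired bit."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QCLASS 1 = IN

def parse_header(msg):
    """Decode the fixed DNS header fields needed for the recursion check."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "ancount": an, "nscount": ns}

def classify(query, response):
    """Say how a server treated an RD=1 query, judging by its response header."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        return "not-a-matching-response"
    if r["ra"]:
        return "recursion-offered"      # server advertises recursion
    if r["rcode"] == 5:
        return "refused"                # REFUSED, recursion not offered
    if r["ancount"] == 0 and r["nscount"] > 0:
        return "referral-only"          # what a non-recursive root returns
    return "non-recursive-answer"       # answered from its own zone data

def _constructed_response(query, flags, ancount, nscount):
    # Constructed sample: header plus echoed question only, no record bodies.
    txid = struct.unpack("!H", query[:2])[0]
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, nscount, 0) + query[12:]

SAMPLE_QUERY = build_query("www.example.com")
REFERRAL = _constructed_response(SAMPLE_QUERY, 0x8100, 0, 13)  # QR, RD echoed, RA clear
RECURSIVE = _constructed_response(SAMPLE_QUERY, 0x8180, 1, 0)  # QR, RD, RA set
REFUSED = _constructed_response(SAMPLE_QUERY, 0x8105, 0, 0)    # QR, RD, RCODE 5

if __name__ == "__main__":
    for label, resp in (("referral", REFERRAL), ("recursive", RECURSIVE),
                        ("refused", REFUSED)):
        print(label, "->", classify(SAMPLE_QUERY, resp))
```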