[34070] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

RE: How (un)common is lack of DNS server diversity?

daemon@ATHENA.MIT.EDU (Roeland Meyer)
Sat Jan 27 19:23:34 2001

Message-ID: <9DC8BBAD4FF100408FC7D18D1F092286039BAA@condor.mhsc.com>
From: Roeland Meyer <rmeyer@mhsc.com>
To: "'nanog@merit.edu'" <nanog@merit.edu>
Date: Sat, 27 Jan 2001 16:15:49 -0800
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Errors-To: owner-nanog-outgoing@merit.edu


> From: woods@weird.com [mailto:woods@weird.com]
> Sent: Saturday, January 27, 2001 3:38 PM

> [ On Saturday, January 27, 2001 at 14:40:39 ( -0800), Roeland 
> Meyer wrote: ]
> > Subject: RE: How common is lack of DNS server diversity?
> >
> > Then, how do you intelligently talk about the other 
> entities I bring up?
> 
> An "authoritative nameserver" is, well, an authoritative nameserver.
> Nothing more, nothing less.  If it's registered (in the 
> parent zone, or
> the root cache/hints file in the case of a top level zone) 
> but it's not
> actually answering authoritatively (but it is answering) then it's
> considered to be "lame".

Actually, in /bind/contrib, there are programs to chase down and email
hostmaster of lame servers. They are considered not-acceptable. BIND also
err-logs these, explicitly.

> Everything else describes the relationship of the zone to the root
> (eg. "top level domain", "second level domain", etc.).

> People who want to ascribe some meaning to who's responsible 
> for shared
> top (or sometimes second) level zones talk about "global top level
> domains" and "country code top level domains" or maybe "second level
> country code domains", though none of these descriptions are 
> technically
> meaningful in any way whatsoever -- they simply ascribe administrative
> descriptions to ordinary top level (or maybe second level) 
> domain names.
> 
> What more could you possibly need!?!?!?!?

That's overly simplistic. Put a recursive SLD server up and see how fast the
cache gets munged.

> The only confusing terms that have been used repeatedly everywhere and
> by most everyone at one time or another are "primary" and "secondary"
> nameservers (especially when they give the impression that 
> there's only
> one "secondary" nameserver).  The new BIND documentation suggests the
> much better terms "master" and "slave".  There's only one 
> master, and it
> might not even be registered or visible (though BIND's named will
> complain if the master listed in the SOA isn't also listed as 
> one of the
> NS records).  There can be many slaves, and not all of them need to be
> registered or visible either.  Both the master and all of the slaves
> will always answer authoritatively (at least to anyone who can reach
> them and who they permit to query them).  Either way if they're listed
> in publicly visible NS records, either in their parent zone, or within
> the zone, they'd damn well better answer authoritatively!

Agreed.

> This is not rocket science -- it's very very very simple 
> stuff!  Anyone comfortable with keeping lists of things and understanding 
> hierarchical relationships between those lists can do DNS in their sleep
once they
> learn a half dozen very simple rules.

I can almost agree. But the existance proof against this point is the ICANN.

> I believe the reason that Internet DNS is in such a sorry state is
> literally because it is so boringly simple yet particular 
> about the tiny
> details that only an accountant-type personality would care about.  We
> need more accountants to do the DNS!  :-)

Interesting that you bring up accountancy, there is a fair amount of $$$
invloved here.


home help back first fref pref prev next nref lref last post