To:
dnsop@cafax.se
From:
"D. J. Bernstein" <djb@cr.yp.to>
Date:
9 Feb 2000 03:03:34 -0000
Sender:
owner-dnsop@cafax.se
Subject:
Re: RFC 2182 considered harmful
Let's see if we can come to agreement on the nyu.edu example. Brian Wellington writes: > Sure looks like different networks. It's not. All the addresses are on the NYU network. They all go through the same gateway, namely nyugwa-fa1-0-0.nyu.net. RFC 2182 says that secondary servers ``must be placed at both topologically and geographically dispersed locations on the Internet.'' The NYU servers are neither topologically nor geographically dispersed. Can we agree that RFC 2182 strongly and clearly recommends against what NYU is doing? > How about MX records pointing to an off-site backup mail server? There don't seem to be any of those in the nyu.edu network. > Recovery from transient failures? What are you talking about? Have you fallen for the myth that mail will bounce when all DNS servers are unreachable? It's simply not true. Are there any other alleged benefits of third-party nyu.edu DNS servers? > An unnecessary point of failure? How? Security viewpoint: See my recent bugtraq message on the 200 computers that are currently authorized to take over *.com. Reliability viewpoint: Is the third-party server running reliable software? The Linux filesystem can corrupt the zone file if the power goes out at the wrong moment. I'm also told that old versions of BIND could truncate zone files. Efficiency viewpoint: Users would see annoying delays more often than they do now---unless all the third-party outages align perfectly with NYU outages. Other, more predictable, costs of adding a third-party server: * It takes time and effort to locate a suitable third party and set up zone transfers. * It takes more time and effort to track changes in the name or IP address of the third-party server. * It takes even more time and effort to arrange for fast propagation of an urgent change. So far there's no evidence of any benefits, let alone benefits that outweigh these costs. ---Dan