To: Stuart Kwan <skwan@Exchange.Microsoft.com>
CC: Robert Elz <kre@munnari.OZ.AU>, dnsop@cafax.se
From: "Eric A. Hall" <ehall@ehsco.com>
Date: Wed, 24 May 2000 10:55:59 -0700
Sender: owner-dnsop@cafax.se
Subject: Re: root server load and dynamic updates.

> Stuart Kwan wrote:

> I believe this condition is caused by clients configured with
> "bogus.com.au" (or other non-existent) domain names, where "com.au"
> (or other TLD) is the nearest enclosing zone.

There are a lot of issues at play here, but the primary super-issue that
we're talking about here is PTR records and not A records.

Given the following, it's somewhat likely that excessive updates are more
of a problem for PTR records than for A records:

1) Most Internet-connected networks that are less than 2 years old
   will have CIDR address blocks.

2) Windows 2000's DDNS does not support classless delegation, as per
   the resource kit documentation.

3) The Active Directory wizard does not create reverse lookup zones
   automatically.

My bet is that these elements conspire heavily to cause a significant
amount of the registrations to get forwarded up the in-addr.arpa. tree.

For example, if a network has a /26 mask, the registering systems are
GUARANTEED to send the UPDATE messages to the ISP's authoritative servers
(if they exist). Or in another case, if the organization is using a /24
but has not manually created the zone, then those requests will also go
up the tree.

I would recommend two actions here. The first would be a comparison of
the update requests being sent to a.root-servers.net to see how many of
them are for bogus.com. versus how many are for in-addr.arpa. space, just
to verify/disprove this suspicion.

The second would be some kind of effort to minimize the likelihood of the
in-addr.arpa. walks. It may be that you can minimize a lot of the load by
simply excluding that domain the same as you exclude root.

--
Eric A. Hall
ehall@ehsco.com
+1-650-685-0557
http://www.ehsco.com
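
Added example, not part of the original message: a Python sketch of the comparison suggested above, splitting the names clients try to register into in-addr.arpa versus forward names and showing which enclosing zone each UPDATE lands on. The zone list and sample names are constructed, and ptr_name, nearest_enclosing_zone and tally are hypothetical helper names.

```python
import ipaddress
from collections import Counter

# Constructed zone list: zones assumed to exist and be discoverable by the client.
SAMPLE_ZONES = {"example.com", "com.au", "in-addr.arpa", "2.0.192.in-addr.arpa"}

def ptr_name(ip):
    """Owner name of the PTR record for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer.lower()

def nearest_enclosing_zone(name, zones):
    """Strip leading labels until the remainder is a known zone; fall back to root."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return "."

def tally(update_names, zones):
    """Count UPDATE targets as (kind, enclosing zone); kind is reverse or forward."""
    counts = Counter()
    for name in update_names:
        n = name.lower().rstrip(".")
        reverse = n == "in-addr.arpa" or n.endswith(".in-addr.arpa")
        counts[("reverse" if reverse else "forward", nearest_enclosing_zone(n, zones))] += 1
    return counts

# Constructed sample of names that clients try to register.
SAMPLE_UPDATES = [
    ptr_name("192.0.2.70"),     # host in a /26 carved from a /24 whose zone exists upstream
    ptr_name("198.51.100.5"),   # /24 whose reverse zone was never created
    ptr_name("198.51.100.9"),
    "host1.bogus.com.au.",      # non-existent forward domain from the quoted text
    "PC7.example.com",          # forward name with a matching zone
]

if __name__ == "__main__":
    for (kind, zone), n in sorted(tally(SAMPLE_UPDATES, SAMPLE_ZONES).items()):
        print(f"{kind:8} {zone:24} {n}")
```

With the constructed input, three of the five updates are reverse names, and two of those climb to in-addr.arpa because no closer zone exists.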