Re: root server load and dynamic updates.

["Eric A. Hall" <ehall@ehsco.com>]

> Stuart Kwan wrote:

> I believe this condition is caused by clients configured with
> "bogus.com.au" (or other non-existent) domain names, where "com.au"
> (or other TLD) is the nearest enclosing zone.

There are a lot of issues at play here, but the primary super-issue that
we're talking about here is PTR records and not A records. Given the
following, it's somewhat likely that excessive updates are more of a
problem for PTR records than for A records:

  1) Most Internet-connected networks that are less than 2 years old
     will have CIDR address blocks.

  2) Windows 2000's DDNS does not support classless delegation, as
     per the resource kit documentation.

  3) The Active Directory wizard does not create reverse lookup zones
     automatically.

My bet is that these elements conspire heavily to cause a significant
amount of the registrations to get forwarded up the in-addr.arpa. tree.
For example, if a network has a /26 mask, the registering systems are
GUARANTEED to send the UPDATE messages to the ISPs authoritative servers
(if they exist). Or in another case, if the organization is using a /24
but has not manually created the zone, then those requests will also go
up the tree.

I would recommend two actions here. The first would be a comparison of
the update requests being sent to a.root-servers.net to see how many of
them are for bogus.com. versus how many are for in-addr.arpa. space,
just to verify/disprove this suspicion. The second would be some kind of
effort to minimize the likelihood of the in-addr.arpa. walks. It may be
that you can minimize a lot of the load by simply exlcluding that domain
the same as you exclude root.

-- 
Eric A. Hall                                            ehall@ehsco.com
+1-650-685-0557                                    http://www.ehsco.com