To: dnsop@cafax.se
From: bert hubert <ahu@ds9a.nl>
Date: Wed, 30 May 2001 11:54:42 +0200
Content-Disposition: inline
In-Reply-To: <Pine.BSI.4.05L.10105301102430.8181-100000@x17.ripe.net>; from shane@ripe.net on Wed, May 30, 2001 at 11:03:36AM +0200
Mail-Followup-To: bert hubert <ahu@ds9a.nl>, dnsop@cafax.se
Sender: owner-dnsop@cafax.se
User-Agent: Mutt/1.2.5i
Subject: Re: Should a nameserver know about itself?

On Wed, May 30, 2001 at 11:03:36AM +0200, Shane Kerr wrote:

> The problem as I see it is that in order to provide glue records, the
> RIR's need to track the A records similar to what you demonstrated.  
> What this means is that when an in-addr.arpa zone changes (e.g. new
> nameserver added, nameserver IP changes) the zone administrator has to
> remember to update both their own zone files (or equivalent in the
> tinydns case) as well as the records at the appropriate RIR.

Automation is the key word here. 

> Would the RIR's then have to run automatic processes to verify their
> glue records?  Would (should) they then simply use those all the time
> rather than requiring users update them manually at all?  There are
> large disadvantages to an automatic process like this.

Well, it sets policy where it is often not expected. In an age where reverse
delegation is considered less and less important (many administrators do not
even know how it is set up - 'why doesn't it work out of the box'), we
should wonder if IN-ADDR.ARPA delegation should be made more difficult than
it currently is.

> IIRC, I asked for community input about this issue when I was at ARIN,
> and received no feedback - my guess is that the Internet at large
> doesn't consider it an important issue.

Well, 'The internet at large' often does not know what is broken. People
generally feel that 'stuff is not quite working as it should', without being
able to blame it on a single issue, like numerous compounded out-of-bailiwick
references causing 'rickety' dns service.

This ignorance about the reasons for bad 'surfing experience' leads to
little or no feedback - I did some experiments with a friend (Remco van
Mook) on three reputable networks (Surfnet, UUnet and Level(3)) and we found
that dns queries are very often answered late enough that the recursing
nameserver has already decided to move on to the next NS record.

Having a lot of out-of-bailiwick references then becomes a major issue in
delaying lookups. But imho, this is more important for forward lookups.

Regards,

bert hubert

-- 
http://www.PowerDNS.com      Versatile DNS Services  
Trilab                       The Technology People   
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet
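
The automated glue verification asked about in the quoted question could look like the sketch below. It is an added example, not part of the original message and not any RIR's tooling. It compares the addresses a parent holds for each NS name against the addresses the zone administrator publishes, and marks which NS names are out-of-bailiwick. The function names are hypothetical and all zone data is constructed; a real check would fetch both sides over DNS.

```python
# Added example: audit one delegation for stale or missing glue.
# Function names are hypothetical; all records below are constructed.

def in_bailiwick(name, zone):
    """True when name is at or below zone, compared label by label."""
    n = name.lower().rstrip(".").split(".")
    z = zone.lower().rstrip(".").split(".")
    return len(n) >= len(z) and n[-len(z):] == z

def audit_delegation(zone, ns_names, parent_glue, authoritative):
    """Compare the parent's address records with the child's own, per NS name."""
    report = {}
    for ns in ns_names:
        glue = set(parent_glue.get(ns, ()))
        auth = set(authoritative.get(ns, ()))
        if not glue:
            status = "missing"   # parent holds no address for this NS
        elif glue == auth:
            status = "ok"
        else:
            status = "stale"     # child changed an IP, parent was not updated
        report[ns] = {"in_bailiwick": in_bailiwick(ns, zone), "glue": status}
    return report

def needs_update(report):
    """NS names whose records at the parent must be corrected."""
    return sorted(ns for ns, r in report.items() if r["glue"] != "ok")

# Constructed sample: a reverse zone served mostly by out-of-bailiwick names.
ZONE = "2.0.192.in-addr.arpa"
NS_NAMES = ["ns1.example.net", "ns2.example.net", "ns.2.0.192.in-addr.arpa"]
PARENT_GLUE = {
    "ns1.example.net": ["198.51.100.1"],
    "ns2.example.net": ["198.51.100.2"],      # old address still at the parent
}
AUTHORITATIVE = {
    "ns1.example.net": ["198.51.100.1"],
    "ns2.example.net": ["203.0.113.2"],       # renumbered by the zone admin
    "ns.2.0.192.in-addr.arpa": ["192.0.2.53"],
}

if __name__ == "__main__":
    rep = audit_delegation(ZONE, NS_NAMES, PARENT_GLUE, AUTHORITATIVE)
    for ns, r in rep.items():
        where = "in-bailiwick" if r["in_bailiwick"] else "out-of-bailiwick"
        print(f"{ns:28} {where:17} glue={r['glue']}")
    print("update at parent:", needs_update(rep))
```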
