

To: Daniel Senie <dts@senie.com>
cc: dnsop@cafax.se
From: Robert Elz <kre@munnari.OZ.AU>
Date: Wed, 20 Mar 2002 17:10:37 +0700
In-Reply-To: <5.1.0.14.2.20020319101724.00a368b0@mail.amaranth.net>
Sender: owner-dnsop@cafax.se
Subject: Re: draft-ietf-dnsop-v6-name-space-fragmentation-01.txt

    Date:        Tue, 19 Mar 2002 10:33:41 -0500
    From:        Daniel Senie <dts@senie.com>
    Message-ID:  <5.1.0.14.2.20020319101724.00a368b0@mail.amaranth.net>

  | A flood of packets to verify the function of delegated servers 
  | represents a serious problem.

Come on, be reasonable.  A server that can't handle the occasional query
from its parent to return the NS/SOA (whatever is needed) for all the
zones it has delegated to it, shouldn't be installed in the first place,
as it certainly isn't going to cope with any real load.

Not that I think having a server do checks on all delegations every time
it loads a zone is rational either - but yours is not the counter argument.

Better is what the server would do with any delegation it is unable to verify,
one way or the other?   If it is going to just drop delegations that aren't
perfect at any random instant, then it just broke one of the DNS assumptions,
which is that servers aren't always there - that's why we have secondary
servers (more than one server for a zone).

If it is going to just ignore the error, then it might just as well have
not bothered checking.   To find completely broken delegations, a check
every zone load isn't needed - just one occasionally.

Attempting to count (and record) how frequently checks fail is way too
much overhead.

  | Might it not be better to think in terms of a separate function (perhaps 
  | implemented as a separate thread or subprocess of the name service, perhaps 
  | as a separate entity) which takes a slow, continuous walk around the name 
  | space looking for and reporting errors?

This is certainly a better approach than expecting a server to verify
delegations when it loads the zone.   It should validate syntax then, no
more than that.

But:

  | This would eliminate the need to 
  | make the checks at start-up point, permitting the service to begin and 
  | continue functioning without being impeded by checks of other systems.

I'm not sure which start-up point you mean.   If you mean when the server is
loading the zone, then I agree.  If you mean when the domain was initially
delegated, I disagree, servers (server operators, someone or something)
should always check delegations before they're made.  That is far and away
the best time to have problems corrected.  That's when the owners of the
domain are actively pursuing the issue, and paying attention to what is
happening.

kre

