To:
Daniel Senie <dts@senie.com>
cc:
dnsop@cafax.se
From:
Robert Elz <kre@munnari.OZ.AU>
Date:
Wed, 20 Mar 2002 17:10:37 +0700
In-Reply-To:
<5.1.0.14.2.20020319101724.00a368b0@mail.amaranth.net>
Sender:
owner-dnsop@cafax.se
Subject:
Re: draft-ietf-dnsop-v6-name-space-fragmentation-01.txt
Date: Tue, 19 Mar 2002 10:33:41 -0500 From: Daniel Senie <dts@senie.com> Message-ID: <5.1.0.14.2.20020319101724.00a368b0@mail.amaranth.net> | A flood of packets to verify the function of delegated servers | represents a serious problem. Come on, be reasonable. A server that can't handle the occasional query from its parent to return the NS/SOA (whatever is needed) for all the zones it has delegated to it, shouldn't be installed in the first place, as it certainly isn't going to cope with any real load. Not that I think having a server do checks on all delegations every time it loads a zone is rational either - but yours is not the counter argument. Better is what the server would do with any delegation it is unable to verify, one way or the other? If it is going to just drop delegations that aren't perfect any any random instant, then it just broke one of the DNS assumptions, which is that servers aren't always there - that's why we have secondary servers (more than one server for a zone). If it is going to just ignore the error, then it might just as well have not bothered checking. To find completely broken delegations, a check every zone load isn't needed - just one occasionally. Attempting to count (and record) how frequently checks fail is way too much overhead. | Might it not be better to think in terms of a separate function (perhaps | implemented as a separate thread or subprocess of the name service, perhaps | as a separate entity) which takes a slow, continuous walk around the name | space looking for and reporting errors? This is certainly a better approach than expecting a server to verify delegations when it loads the zone. It should validate syntax then, no more than that. But: | This would eliminate the need to | make the checks at start-up point, permitting the service to begin and | continue functioning without being impeded by checks of other systems. I'm not sure which start-up point you mean. If you mean when the server is loading the zone, then I agree. If you mean when the domain was initially delegated, I disagree, servers (server operators, someone or something) should always check delegations before they're made. That is far and away the best time to have problems corrected. That's when the owners of the domain are actively pursuing the issue, and paying attention to what is happening. kre