North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Just got on this thing (perhaps very belatedly) - root server trouble?

  • From: Michael Handler
  • Date: Mon Feb 17 21:21:06 1997

In <[email protected]>,
Karl Denninger <[email protected]> wrote:

> > And shouldn't "root servers" have recursive queries turned off?:
> Until VERY recently they weren't on the existing roots.  And, by the way,
> while we're talking about that, what is this about hosting the 800,000-some-
> odd NSI domains on the roots?

Nice dodge. But you do then admit to having recursion available on
your "new improved r00t [email protected]" for several months, until someone
else pointed it out to you?

"They did the same thing a while back!" isn't an acceptable answer. (I
don't even think it's true. I haven't seen a recursive query answered
via a root nameserver since I started actively doing DNS administration
over a year ago.) Even if that is so, you shouldn't have made the same
mistake, especially *after* the operators of the IANA root servers
corrected the misconfiguration.

> The point at hand, though, is that we haven't had *any* operational incidents
> since eDNS was launched that could be in any way traced to the other root
> servers.  None at all.
> Meanwhile, there have been several service-affecting issues on the 
> IANA-sponsored roots in the same time frame.

I haven't seen any problems because of these supposed "service-affecting
issues". Perhaps you should check the quality of your network connectivity?

> What was that edict again?  "Rough consensus and operational code"?  We
> certainly do seem to have that.

The code's fine; it just appears you don't know how to configure it correctly.
Try reading the BIND Operations Guide (BOG) next time; it says explicitly
that the root nameservers should run with "options no-recursion".

Michael Handler <[email protected]>                        Washington, D.C.
- - - - - - - - - - - - - - - - -