North American Network Operators Group

RE: How (un)common is lack of DNS server diversity?
> From: [email protected] [mailto:[email protected]]
> Sent: Saturday, January 27, 2001 3:38 PM
>
> [ On Saturday, January 27, 2001 at 14:40:39 ( -0800), Roeland Meyer wrote: ]
> > Subject: RE: How common is lack of DNS server diversity?
> >
> > Then, how do you intelligently talk about the other entities I bring up?
>
> An "authoritative nameserver" is, well, an authoritative nameserver.
> Nothing more, nothing less. If it's registered (in the parent zone, or
> the root cache/hints file in the case of a top level zone) but it's not
> actually answering authoritatively (but it is answering) then it's
> considered to be "lame".

Actually, in /bind/contrib, there are programs to chase down and email hostmaster of lame servers. They are considered not-acceptable. BIND also err-logs these, explicitly.

> Everything else describes the relationship of the zone to the root
> (eg. "top level domain", "second level domain", etc.).
> People who want to ascribe some meaning to who's responsible for shared
> top (or sometimes second) level zones talk about "global top level
> domains" and "country code top level domains" or maybe "second level
> country code domains", though none of these descriptions are technically
> meaningful in any way whatsoever -- they simply ascribe administrative
> descriptions to ordinary top level (or maybe second level) domain names.
>
> What more could you possibly need!?!?!?!?

That's overly simplistic. Put a recursive SLD server up and see how fast the cache gets munged.

> The only confusing terms that have been used repeatedly everywhere and
> by most everyone at one time or another are "primary" and "secondary"
> nameservers (especially when they give the impression that there's only
> one "secondary" nameserver). The new BIND documentation suggests the
> much better terms "master" and "slave". There's only one master, and it
> might not even be registered or visible (though BIND's named will
> complain if the master listed in the SOA isn't also listed as one of the
> NS records). There can be many slaves, and not all of them need to be
> registered or visible either. Both the master and all of the slaves
> will always answer authoritatively (at least to anyone who can reach
> them and who they permit to query them). Either way if they're listed
> in publicly visible NS records, either in their parent zone, or within
> the zone, they'd damn well better answer authoritatively!

Agreed.

> This is not rocket science -- it's very very very simple stuff! Anyone
> comfortable with keeping lists of things and understanding hierarchical
> relationships between those lists can do DNS in their sleep once they
> learn a half dozen very simple rules.

I can almost agree. But the existence proof against this point is the ICANN.

> I believe the reason that Internet DNS is in such a sorry state is
> literally because it is so boringly simple yet particular about the tiny
> details that only an accountant-type personality would care about. We
> need more accountants to do the DNS! :-)

Interesting that you bring up accountancy, there is a fair amount of $$$ involved here.
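
The "lame" condition defined in the quoted text above (a registered nameserver that answers, but not authoritatively) can be read from the AA bit and RCODE in the header of a reply to a SOA query for the zone. The following is an added example, not part of the original message or of the BIND contrib programs it mentions; the nameserver names, the example.com zone and the reply bytes are constructed, and the function names are hypothetical.

```python
import struct

# DNS header flag masks (RFC 1035, section 4.1.1)
QR, AA, RCODE_MASK = 0x8000, 0x0400, 0x000F
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def make_reply(qid, zone, flags, ancount):
    """Constructed sample reply: header plus SOA question only (RR bodies omitted)."""
    header = struct.pack("!HHHHHH", qid, flags, 1, ancount, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify(reply):
    """Classify one registered nameserver from its reply to a SOA query for the zone."""
    if reply is None:
        return "unreachable"   # no answer at all, so not "lame" in the sense quoted above
    if len(reply) < 12:
        return "malformed"
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if not flags & QR:
        return "malformed"     # a query, not a response
    rcode = flags & RCODE_MASK
    if flags & AA and rcode == 0 and ancount > 0:
        return "authoritative"
    # It answered, but not authoritatively for this zone.
    return "lame (%s, aa=%d)" % (RCODES.get(rcode, rcode), bool(flags & AA))

def audit(replies):
    """Map each registered NS name to its classification."""
    return {ns: classify(reply) for ns, reply in replies.items()}

# Constructed replies from four hypothetical nameservers registered for example.com
SAMPLE = {
    "ns1.example.com": make_reply(1, "example.com", 0x8400, 1),  # QR+AA, NOERROR
    "ns2.example.com": make_reply(2, "example.com", 0x8080, 0),  # QR+RA, no AA
    "ns3.example.com": make_reply(3, "example.com", 0x8005, 0),  # QR, REFUSED
    "ns4.example.com": None,                                     # query timed out
}

if __name__ == "__main__":
    for ns, verdict in audit(SAMPLE).items():
        print(ns, "->", verdict)
```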