On the control of the Internet.

Joe Greco jgreco at ns.sol.net
Sun Jun 13 16:05:56 CDT 2010


> On 6/13/2010 14:59, Joe Greco wrote:
> 
> >>>> How about the case where the master zone file has be amputated and the
> >>>> secondaries can no longer get updates?
> 
> Mea culpa.
> 
> That was supposed to say "How about the case where the master zone file
> has beEN amputated and the secondaries can no longer get updates?"
> 
> My apologies.

Do you actually mean that the master zone file has been modified by the
government?  If so, how is that intertwined with secondaries no longer
being able to get updates?

Work with me, here, I'm trying to understand what you're saying.

If the government has corrupted your master, and they actually want those
changes pushed out, one would expect that:

1) your master is not public to begin with (just good design, that, ..)
2) they would definitely not damage it in a manner that broke the
   ability of the secondaries to update, because presumably the reason
   they changed your zone was to push their data out to the 'net under
   your domain name, and that wouldn't work without the secondaries.
3) if they just wanted your domain to go away, there are easier ways to
   make that happen.

So from my point of view, your question still makes no sense, even as
corrected.  I may be missing your point.

Otherwise, if your question is "How about the case where the master zone
file SERVER has been rendered unreachable and the secondaries can no
longer get updates," I think I answered that already, between the public
and private e-mails we've exchanged.  The fundamental answer there is 
just to engineer it to avoid that being a serious problem; this includes
things like trying to maintain a static DNS environment (dynamic updates
of things == somewhat bad, particularly where such updates are required
for proper operation), setting your expire record accordingly, and/or
maintaining a contingency plan for updating your secondaries through an
out-of-band mechanism, such as floppy disk via FedEx, modem to private
dial-in, or pretty much any other way one uses to get bits from A to B.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.
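
Added example, not part of the original message: a check of whether a zone's SOA expire value leaves secondaries enough time for an out-of-band update when the master is unreachable. The zone data is constructed, the function names are hypothetical, and the three-day recovery time is an assumption.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(tok):
    """Convert a master-file time value ('3600', '4w', '1d12h') to seconds."""
    if tok.isdigit():
        return int(tok)
    parts = re.findall(r"(\d+)([smhdw])", tok.lower())
    if not parts or "".join(n + u for n, u in parts) != tok.lower():
        raise ValueError(f"bad time value: {tok!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)

def parse_soa(zone_text):
    """Extract the SOA serial and timers from master-file text."""
    text = re.sub(r";[^\n]*", "", zone_text)           # drop comments
    m = re.search(r"\bSOA\b(.*)", text, re.S | re.I)
    if not m:
        raise ValueError("no SOA record found")
    tok = m.group(1).replace("(", " ").replace(")", " ").split()
    if len(tok) < 7:
        raise ValueError("truncated SOA record")
    timers = zip(("refresh", "retry", "expire", "minimum"), tok[3:7])
    return {"serial": int(tok[2]), **{k: to_seconds(v) for k, v in timers}}

def survival_check(soa, oob_recovery_s):
    """Worst case, the last good refresh was `refresh` seconds before the master
    vanished, so secondaries are only guaranteed expire - refresh seconds."""
    window = soa["expire"] - soa["refresh"]
    problems = []
    if soa["retry"] >= soa["refresh"]:
        problems.append("retry is not shorter than refresh")
    if window < oob_recovery_s:
        problems.append(f"guaranteed window {window}s < recovery {oob_recovery_s}s")
    return window, problems

# Constructed sample zone (example.com; all values made up for illustration).
ZONE = """
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. (
        2010061301 ; serial
        1h         ; refresh
        15m        ; retry
        {expire}   ; expire
        1h )       ; minimum
"""
WEAK, HARDENED = ZONE.format(expire="1d"), ZONE.format(expire="4w")
OOB_RECOVERY = 3 * 86400   # assumption: three days to ship media and reload

if __name__ == "__main__":
    for name, zone in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, survival_check(parse_soa(zone), OOB_RECOVERY))
```

With a one-day expire the secondaries would drop the zone before the shipped update arrives; the four-week value leaves room for it.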



