Just got on this thing (perhaps very belatedly) - root server trouble?

Tue Feb 18 02:04:45 UTC 1997

In <199702180144.TAA23839 at Jupiter.Mcs.Net>,
Karl Denninger <karl at Mcs.Net> wrote:

> > And shouldn't "root servers" have recursive queries turned off?:
> 
> Until VERY recently they weren't on the existing roots.  And, by the way,
> while we're talking about that, what is this about hosting the 800,000-some-
> odd NSI domains on the roots?

Nice dodge. But you do then admit to having recursion available on
your "new improved r00t n at m3s3rv3rs" for several months, until someone
else pointed it out to you?

"They did the same thing a while back!" isn't an acceptable answer. (I
don't even think it's true. I haven't seen a recursive query answered
via a root nameserver since I started actively doing DNS administration
over a year ago.) Even if that is so, you shouldn't have made the same
mistake, especially *after* the operators of the IANA root servers
corrected the misconfiguration.

> The point at hand, though, is that we haven't had *any* operational incidents
> since eDNS was launched that could be in any way traced to the other root
> servers.  None at all.
> 
> Meanwhile, there have been several service-affecting issues on the 
> IANA-sponsored roots in the same time frame.

I haven't seen any problems because of these supposed "service-affecting
issues". Perhaps you should check the quality of your network connectivity?

> What was that edict again?  "Rough consensus and operational code"?  We
> certainly do seem to have that.

The code's fine; it just appears you don't know how to configure it correctly.
Try reading the BIND Operations Guide (BOG) next time; it says explicitly
that the root nameservers should run with "options no-recursion".

-- 
Michael Handler <handler at sub-rosa.com>                        Washington, D.C.