Just got on this thing (perhaps very belatedly) - root server trouble?
Michael Handler
handler at sub-rosa.com
Tue Feb 18 02:04:45 UTC 1997
In <199702180144.TAA23839 at Jupiter.Mcs.Net>,
Karl Denninger <karl at Mcs.Net> wrote:
> > And shouldn't "root servers" have recursive queries turned off?:
>
> Until VERY recently they weren't on the existing roots. And, by the way,
> while we're talking about that, what is this about hosting the 800,000-some-
> odd NSI domains on the roots?
Nice dodge. But you do then admit to having recursion available on
your "new improved r00t n at m3s3rv3rs" for several months, until someone
else pointed it out to you?
"They did the same thing a while back!" isn't an acceptable answer. (I
don't even think it's true. I haven't seen a recursive query answered
via a root nameserver since I started actively doing DNS administration
over a year ago.) Even if that is so, you shouldn't have made the same
mistake, especially *after* the operators of the IANA root servers
corrected the misconfiguration.
> The point at hand, though, is that we haven't had *any* operational incidents
> since eDNS was launched that could be in any way traced to the other root
> servers. None at all.
>
> Meanwhile, there have been several service-affecting issues on the
> IANA-sponsored roots in the same time frame.
I haven't seen any problems because of these supposed "service-affecting
issues". Perhaps you should check the quality of your network connectivity?
> What was that edict again? "Rough consensus and operational code"? We
> certainly do seem to have that.
The code's fine; it just appears you don't know how to configure it correctly.
Try reading the BIND Operations Guide (BOG) next time; it says explicitly
that the root nameservers should run with "options no-recursion".
--
Michael Handler <handler at sub-rosa.com> Washington, D.C.
More information about the NANOG
mailing list