Microsoft spokesperson blames ICANN

Greg A. Woods woods at weird.com
Thu Jan 25 20:15:55 UTC 2001


[ On Thursday, January 25, 2001 at 19:17:15 (+0800), Adrian Chadd wrote: ]
> Subject: Re: Microsoft spokesperson blames ICANN
>
> On Wed, Jan 24, 2001, Greg A. Woods wrote:
> > 
> > I'd bet any high-school kid who had any experience whatsoever at
> > installing Linux or FreeBSD could no doubt blow a real OS and a native
> > BIND install onto any sufficiently capable set of four machines in about
> > an hour or so and provided that someone could cough up at least a
> > half-baked zone file from somewhere to load on them they'd all be online
> > and answering to the registered nameserver IP numbers in no time flat.
> > Certainly in less than what's apparently going to be at least 23 hours
> > now!
> 
> I'm going to play devil's advocate here.
> 
> * I bet any high school kid setup Linux or FreeBSD box will probably die
>   under the load of M$'s zones - the default out-of-the-box config
>   is nice, but not *nice*.

Well, that's why I said "sufficiently capable machine".....  Give *me* a
pair of 1GHz Xeon processors with >=2MB cache on a dual-bus motherboard,
1GB of RAM, a pair of 1000baseT interfaces (one for a private
administrative interface), a fiber-channel attached RAID array that's
properly tuned for speed, and the latest version of FreeBSD, and we'll
see just how many queries per second such a box can answer!  ;-)

Obviously you'd want to install only the bare minimum of software
necessary and then turn off inetd and any other stand-alone network
daemon but named....

> * You have no idea whether M$'s DNS servers are serving static zone
>   files, back ended to a database, talking to a mapper of some sort,
>   whatever.

It doesn't really matter -- that's a back-office implementation issue.
The part that's answering the queries has a terribly simple job to do.

However in theory if they've got a reliable internal nameserver that's,
for example, either insecure or incapable of handling the public query
load, then they can update that one any way they please and let BIND on
the authoritative server do the zone transfer from it.  Dynamic DNS is
useless if you don't have your TTLs set right, and if you do have your
TTLs right then getting the SOA right is trivial too, and once you've
done that it doesn't matter if you stick an extra zone transfer in the
path.  So long as they're not being total idiots and trying to void
BIND's warranty with <300 sec. TTLs, they'd do just fine.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods at acm.org>      <robohack!woods>
Planix, Inc. <woods at planix.com>; Secrets of the Weird <woods at weird.com>
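
The arrangement described in the last paragraph of the message above (an internal nameserver that is updated however the operator likes, with BIND on the public authoritative server pulling the zone from it), sketched as a named.conf fragment. This is an added example, not part of the original post; the zone name, the master's address and the file paths are constructed placeholders.

```conf
// Public-facing authoritative server: pulls the zone from an internal
// master and does nothing else. All names and addresses are constructed.
options {
    directory "/var/named";       // assumed working directory
    recursion no;                 // authoritative-only: no lookups on behalf of clients
    allow-transfer { none; };     // this box hands the zone to nobody
};

zone "example.com" {              // placeholder zone name
    type slave;                   // copy of the zone, fetched by zone transfer
    masters { 192.0.2.10; };      // placeholder address of the internal nameserver
    file "slave/example.com.db";  // local copy, so the server can restart and still answer
};
```

The secondary re-checks the master on the SOA refresh interval or when it receives a NOTIFY, so the extra transfer hop adds delay only up to that interval. The internal master needs its own `allow-transfer` entry permitting this server's address.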



