How (un)common is lack of DNS server diversity?
Roeland Meyer
rmeyer at mhsc.com
Sun Jan 28 00:15:49 UTC 2001
> From: woods at weird.com [mailto:woods at weird.com]
> Sent: Saturday, January 27, 2001 3:38 PM
> [ On Saturday, January 27, 2001 at 14:40:39 ( -0800), Roeland Meyer wrote: ]
> > Subject: RE: How common is lack of DNS server diversity?
> >
> > Then, how do you intelligently talk about the other entities I bring up?
>
> An "authoritative nameserver" is, well, an authoritative nameserver.
> Nothing more, nothing less. If it's registered (in the parent zone, or
> the root cache/hints file in the case of a top level zone) but it's not
> actually answering authoritatively (but it is answering) then it's
> considered to be "lame".
Actually, in /bind/contrib, there are programs to chase down and email
hostmaster of lame servers. They are considered not-acceptable. BIND also
err-logs these, explicitly.
> Everything else describes the relationship of the zone to the root
> (eg. "top level domain", "second level domain", etc.).
> People who want to ascribe some meaning to who's responsible for shared
> top (or sometimes second) level zones talk about "global top level
> domains" and "country code top level domains" or maybe "second level
> country code domains", though none of these descriptions are technically
> meaningful in any way whatsoever -- they simply ascribe administrative
> descriptions to ordinary top level (or maybe second level) domain names.
>
> What more could you possibly need!?!?!?!?
That's overly simplistic. Put a recursive SLD server up and see how fast the
cache gets munged.
> The only confusing terms that have been used repeatedly everywhere and
> by most everyone at one time or another are "primary" and "secondary"
> nameservers (especially when they give the impression that there's only
> one "secondary" nameserver). The new BIND documentation suggests the
> much better terms "master" and "slave". There's only one master, and it
> might not even be registered or visible (though BIND's named will
> complain if the master listed in the SOA isn't also listed as one of the
> NS records). There can be many slaves, and not all of them need to be
> registered or visible either. Both the master and all of the slaves
> will always answer authoritatively (at least to anyone who can reach
> them and who they permit to query them). Either way if they're listed
> in publicly visible NS records, either in their parent zone, or within
> the zone, they'd damn well better answer authoritatively!
Agreed.
> This is not rocket science -- it's very very very simple stuff! Anyone
> comfortable with keeping lists of things and understanding hierarchical
> relationships between those lists can do DNS in their sleep once they
> learn a half dozen very simple rules.
I can almost agree. But the existence proof against this point is the ICANN.
> I believe the reason that Internet DNS is in such a sorry state is
> literally because it is so boringly simple yet particular about the tiny
> details that only an accountant-type personality would care about. We
> need more accountants to do the DNS! :-)
Interesting that you bring up accountancy, there is a fair amount of $$$
involved here.
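
The "lame" definition quoted in this message (registered and answering, but not authoritatively) comes down to the AA bit in the DNS response header. As an added example that is not part of the original post or of BIND's contrib tools, this Python code classifies registered nameservers from the raw headers of their replies to an SOA query for the zone; the hostnames, transaction ID and reply bytes are constructed sample data, and treating an error RCODE or an empty answer as lame is an assumption of this example.

```python
import struct

QR = 0x8000          # set on responses (RFC 1035 header flags)
AA = 0x0400          # Authoritative Answer bit
RCODE_MASK = 0x000F  # 0 = NOERROR, 2 = SERVFAIL, 5 = REFUSED

def build_header(txid, aa, rcode=0, ancount=1):
    """Constructed sample data: a 12-byte DNS response header."""
    flags = QR | (AA if aa else 0) | rcode
    return struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)

def classify(txid, response):
    """Classify one registered nameserver from its reply to an SOA query."""
    if response is None:
        return "unreachable"  # not answering at all, so not "lame" as defined
    if len(response) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & QR:
        return "malformed"    # wrong transaction ID, or not a response
    if flags & AA and (flags & RCODE_MASK) == 0 and ancount > 0:
        return "authoritative"
    return "lame"             # answering, but not authoritatively

def audit(registered_ns, replies, txid):
    """Map every NS listed in the parent zone to its status."""
    return {ns: classify(txid, replies.get(ns)) for ns in registered_ns}

# Constructed sample: four registered servers for a hypothetical zone.
TXID = 0x1234
SAMPLE_NS = ["ns1.example.net", "ns2.example.net",
             "ns3.example.net", "ns4.example.net"]
SAMPLE_REPLIES = {
    "ns1.example.net": build_header(TXID, aa=True),
    "ns2.example.net": build_header(TXID, aa=False),  # answer served from cache
    "ns3.example.net": build_header(TXID, aa=False, rcode=5, ancount=0),  # REFUSED
    "ns4.example.net": None,                          # query timed out
}

if __name__ == "__main__":
    for ns, status in audit(SAMPLE_NS, SAMPLE_REPLIES, TXID).items():
        print(f"{ns:18} {status}")
```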