Date: Wed, 01 Aug 2007 18:06:14 -0700 From: Peter Losher <Peter_Losher@isc.org> To: Doug Barton <dougb@FreeBSD.org> Cc: FreeBSD Current <freebsd-current@freebsd.org>, FreeBSD Stable <freebsd-stable@freebsd.org> Subject: Re: default dns config change causing major poolpah Message-ID: <46B12E06.5030809@isc.org> In-Reply-To: <46B10A28.8000908@FreeBSD.org> References: <46B01D5E.6050004@psg.com> <20070801110727.GC59008@menantico.com> <46B0EDEA.8050608@FreeBSD.org> <20070801211320.GE59008@menantico.com> <46B10A28.8000908@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigED375B9886EF6435715978DF Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Doug Barton wrote: > Here is where the problem lies. What you're saying here is simply not > true. I know several of the root operators personally, and in my > previous position as GM of IANA I worked with them directly both > individually and collectively. Everything involving a change to a root > server is done at a near-glacial pace. There no more danger that we > will wake up tomorrow unable to AXFR the root from any server than > there is that we'll wake up tomorrow not able to send resolver queries > to any root server. To say that this IS possible is FUD. Doug - that is a *BIG* assumption you just made there. As far as I know you didn't discuss this change with any of the root server operators (you certainly didn't with ISC) and we could have told you then how bad of a idea this was. It seems you made this change on instinct, and in addition nowhere does it state in RFC2870 that the root-servers have to accept AXFR's as part of their service. You just made with this change what was before a diagnostic service into a production service and you didn't even ask the folks most affected by it. This change should be yanked and yanked now until at least there has been some discussion with the root server operators. (and discussing it on the dns-operations@ list does not cut it) -Peter (with his root-ops hat on his desk) --=20 Peter_Losher@isc.org | ISC | OpenPGP 0xE8048D08 | "The bits must flow" --------------enigED375B9886EF6435715978DF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (Darwin) iD8DBQFGsS4GPtVx9OgEjQgRAjdyAJ4u/c8b22K8o/tJ4fHh7QT/zzmTHgCfcI3r mrajwqsBl47Spv0ADmZNFQU= =q+LN -----END PGP SIGNATURE----- --------------enigED375B9886EF6435715978DF--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46B12E06.5030809>