From owner-freebsd-stable@FreeBSD.ORG Thu Aug 2 01:06:16 2007 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0965916A41F; Thu, 2 Aug 2007 01:06:16 +0000 (UTC) (envelope-from Peter_Losher@isc.org) Received: from mx.isc.org (mx.isc.org [IPv6:2001:4f8:0:2::1c]) by mx1.freebsd.org (Postfix) with ESMTP id DE6BC13C45B; Thu, 2 Aug 2007 01:06:15 +0000 (UTC) (envelope-from Peter_Losher@isc.org) Received: from farside.isc.org (farside.isc.org [IPv6:2001:4f8:3:bb::5]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "farside.isc.org", Issuer "ISC CA" (verified OK)) by mx.isc.org (Postfix) with ESMTP id ADA6211402A; Thu, 2 Aug 2007 01:06:15 +0000 (UTC) (envelope-from Peter_Losher@isc.org) Received: from manx.isc.org (manx.isc.org [IPv6:2001:4f8:3:bb::37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by farside.isc.org (Postfix) with ESMTP id 461F2E601F; Thu, 2 Aug 2007 01:06:15 +0000 (UTC) (envelope-from Peter_Losher@isc.org) Message-ID: <46B12E06.5030809@isc.org> Date: Wed, 01 Aug 2007 18:06:14 -0700 From: Peter Losher Organization: ISC User-Agent: Thunderbird 2.0.0.5 (Macintosh/20070716) MIME-Version: 1.0 To: Doug Barton References: <46B01D5E.6050004@psg.com> <20070801110727.GC59008@menantico.com> <46B0EDEA.8050608@FreeBSD.org> <20070801211320.GE59008@menantico.com> <46B10A28.8000908@FreeBSD.org> In-Reply-To: <46B10A28.8000908@FreeBSD.org> X-Enigmail-Version: 0.95.2 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigED375B9886EF6435715978DF" Cc: FreeBSD Current , FreeBSD Stable Subject: Re: default dns config change causing major poolpah X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Aug 2007 01:06:16 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigED375B9886EF6435715978DF Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Doug Barton wrote: > Here is where the problem lies. What you're saying here is simply not > true. I know several of the root operators personally, and in my > previous position as GM of IANA I worked with them directly both > individually and collectively. Everything involving a change to a root > server is done at a near-glacial pace. There no more danger that we > will wake up tomorrow unable to AXFR the root from any server than > there is that we'll wake up tomorrow not able to send resolver queries > to any root server. To say that this IS possible is FUD. Doug - that is a *BIG* assumption you just made there. As far as I know you didn't discuss this change with any of the root server operators (you certainly didn't with ISC) and we could have told you then how bad of a idea this was. It seems you made this change on instinct, and in addition nowhere does it state in RFC2870 that the root-servers have to accept AXFR's as part of their service. You just made with this change what was before a diagnostic service into a production service and you didn't even ask the folks most affected by it. This change should be yanked and yanked now until at least there has been some discussion with the root server operators. (and discussing it on the dns-operations@ list does not cut it) -Peter (with his root-ops hat on his desk) --=20 Peter_Losher@isc.org | ISC | OpenPGP 0xE8048D08 | "The bits must flow" --------------enigED375B9886EF6435715978DF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (Darwin) iD8DBQFGsS4GPtVx9OgEjQgRAjdyAJ4u/c8b22K8o/tJ4fHh7QT/zzmTHgCfcI3r mrajwqsBl47Spv0ADmZNFQU= =q+LN -----END PGP SIGNATURE----- --------------enigED375B9886EF6435715978DF--