Date: Wed, 01 Aug 2007 23:51:59 -0700 From: Peter Losher <Peter_Losher@isc.org> To: freebsd-stable@freebsd.org, freebsd-current@freebsd.org Subject: Re: default dns config change causing major poolpah Message-ID: <46B17F0F.20108@isc.org> In-Reply-To: <30863.1186034398@critter.freebsd.dk> References: <30863.1186034398@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig5DCA3B40C9F7A155CED380CD Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Poul-Henning Kamp wrote: > That said, I fully agree with the spirit of this change, I have > myself seen what positive difference it makes for servers in Denmark > to have a slave of the .dk zone, particular for busy mailservers. One of the other objections I have with this change (other than the fact that it was made w/o consultation) is the fact that this is would become the "default" setting. Yes, busy mail servers may be better served by slaving frequently used zones, and as Vixie mentioned on the dns-operations list, there is less objection if "wizards" use AXFR, and they would perhaps know more of the pitfalls that doing this entails (vs. relying on hints). But the fact is this is being enabled for every Tom, Dick, and Sarah operating a OS who won't know what the possible ramifications are of this change, and the benefit compared to the downside is nonexistant. And that is *BAD, BAD, BAD*. Has this change been raised on the relevant IETF DNS operations list? These are the defaults we are talking about here. I will reiterate, this change needs to be rolled back until there has been more discussion. dbarton mentioned earlier that root operators make changes on a glacial scale. There is a reason for that. ;) Best Wishes - Peter --=20 Peter_Losher@isc.org | ISC | OpenPGP 0xE8048D08 | "The bits must flow" --------------enig5DCA3B40C9F7A155CED380CD Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iD8DBQFGsX8PPtVx9OgEjQgRArL5AJ9SOaLsdg8ZpwtpsoDuXJED2e+acACdFcRi 305fqdTfQ6bzIDl4MbkLC94= =hWnh -----END PGP SIGNATURE----- --------------enig5DCA3B40C9F7A155CED380CD--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46B17F0F.20108>