-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ok, so you _do_ want to open this discussion. I'll do my best, with the
caveat that this is pre-espresso.

> Using the root servers defeats the purpose of the design of the whole
> structure.

I'll respectfully suggest that I'm not able to find any evidence in the
RFC to support that conclusion. Read on ...

> What I do if I don't like the ISP's DNS servers is use a
> different one, but not the root.

Perhaps there are open, publicly accessible, non-authoritative caches;
I'm not aware of them. Nevertheless, I'm not sure there's anything to be
gained by generating constant traffic to yet _another_ party, beyond
myself, my ISP, and the target systems to which I'm connecting.

> The easiest way to look at it is, if everybody did it, what would the
> effect be?

I certainly appreciate your desire to be a good netizen, but there are a
few points you should understand.

First, anyone who uses the BIND caching-nameserver out of the box on Red
Hat _is_ doing this, and clearly the sky has not fallen.

Second, a properly configured resolver isn't going to submit more than
one query to roots for any given top level domain within the
time-to-live for that record. For example, a quick query of the .com TLD
shows a TTL of about 33 hours, so the cache is only hitting the .com
servers at most once in that period, regardless of how heavy my traffic
is. That's not nearly the overhead you may have been expecting.

Third, ever seen the statistics of the traffic hitting the root servers
when Windows 2000 was released? Now _there's_ a matter of far greater
concern to the community than anything a properly configured cache is
doing.

But these aren't really arguments for running a local cache; they're
just defenses against misguided reservations (1. everybody else is doing
it, 2. it's not that bad, and 3. hey, we're not the worst, either). The
arguments _for_ running a local cache are simple.

First, on my 5-member LAN, I get better performance if I'm not sending
unnecessary DNS traffic over my (relatively) slow uplink (and certainly
better than I'd get if I were using a fourth-party resolver, as you
advocate).

Second, I have a deep respect for Earthlink/Mindspring, but it's simply
not my ISP's place to decide whose records I should trust. I'll stay
away from a discussion of BIND security and what it means for the
internet (you disregarded my plea to not go into the cache debate, but
for heaven's sake, heed _this_ plea -- don't go there!), but in the
general case, there's no reason anyone should take their ISP's word that
their caches are secure and properly configured.

And finally, Brother Brett, please reply below the text which you're
quoting, and please don't Cc the sender on list replies.

Peace, and thank you.

- -d

- --
David Talkington
PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp

- --
http://setiathome.ssl.berkeley.edu/pale_blue_dot.html

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.75-6

iQA/AwUBPGFvGb9BpdPKTBGtEQLz2ACdGK+sGGWIU6OmyyZCeWz1BE3W14MAoN5E
CXTwk0WcPXVqKJytm900D6fQ
=XfCk
-----END PGP SIGNATURE-----

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
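The post's central technical claim is that a caching resolver only asks the roots (and the TLD servers) once per TTL for a given name, no matter how many queries the LAN generates. The simulation below, an added example that is not part of the original message or of BIND, makes that bound visible: it models the referral chain root -> TLD -> authoritative with a TTL-honouring cache and counts how many upstream queries each server actually receives. All zone data, server names, TTLs and addresses are constructed for the example (the 33-hour .com NS TTL is the only value taken from the post); the resolver walks the delegation by label rather than implementing real DNS wire format, so it shows the caching behaviour, not the protocol.

```python
import collections

# Constructed example data (hypothetical, not real zone contents).
# Each "server" maps (qname, qtype) -> (answer, ttl_seconds).
TLD_NS_TTL = 33 * 3600  # ~33 hours, the .com NS TTL quoted in the post

ROOT_SERVER = {
    ("com", "NS"): ("a.gtld-servers.net.", TLD_NS_TTL),
    ("org", "NS"): ("a0.org-servers.net.", TLD_NS_TTL),
}
TLD_SERVERS = {
    "a.gtld-servers.net.": {("example.com", "NS"): ("ns1.example.com.", 172800)},
    "a0.org-servers.net.": {("example.org", "NS"): ("ns1.example.org.", 86400)},
}
AUTH_SERVERS = {
    "ns1.example.com.": {
        ("www.example.com", "A"): ("192.0.2.10", 300),
        ("mail.example.com", "A"): ("192.0.2.25", 300),
    },
    "ns1.example.org.": {("www.example.org", "A"): ("192.0.2.20", 300)},
}


class CachingResolver:
    """Toy recursive resolver that caches every record it learns for its TTL.

    The clock is injected (the `now` argument, in seconds) so the TTL
    behaviour can be driven deterministically instead of waiting 33 hours.
    """

    def __init__(self):
        self.cache = {}  # (qname, qtype) -> (expires_at, answer)
        # Upstream queries per server; this is the traffic the post argues about.
        self.upstream_queries = collections.Counter()

    def _lookup(self, server_name, server_table, key, now):
        cached = self.cache.get(key)
        if cached is not None and cached[0] > now:
            return cached[1]  # cache hit: no upstream traffic at all
        self.upstream_queries[server_name] += 1
        answer, ttl = server_table[key]
        self.cache[key] = (now + ttl, answer)
        return answer

    def resolve(self, name, now):
        """Return the A record for `name`, walking root -> TLD -> authoritative."""
        labels = name.split(".")
        tld = labels[-1]
        zone = ".".join(labels[-2:])
        tld_ns = self._lookup("root", ROOT_SERVER, (tld, "NS"), now)
        zone_ns = self._lookup(tld_ns, TLD_SERVERS[tld_ns], (zone, "NS"), now)
        return self._lookup(zone_ns, AUTH_SERVERS[zone_ns], (name, "A"), now)


def run_workload(resolver, names, start=0, interval=1):
    """Resolve each name in turn, `interval` seconds apart; return the counter."""
    now = start
    for name in names:
        resolver.resolve(name, now)
        now += interval
    return resolver.upstream_queries


if __name__ == "__main__":
    r = CachingResolver()
    # 600 client queries over 10 minutes, all under .com
    counts = run_workload(r, ["www.example.com", "mail.example.com"] * 300)
    print("after 600 LAN queries:", dict(counts))
    # Come back after the .com NS record has expired: exactly one more root hit.
    r.resolve("www.example.com", now=TLD_NS_TTL + 1000)
    print("after the TLD TTL elapsed:", dict(r.upstream_queries))
```

Running it shows 600 client queries producing a single root query and a single .com server query; the authoritative server is the only one contacted repeatedly, and only when the 300-second A records expire. Advancing the clock past the 33-hour NS TTL adds exactly one root query, which is the "at most once in that period" behaviour the post describes.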