On Wed, 6 Feb 2002, David Talkington wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Ok, so you _do_ want to open this discussion. I'll do my best, with
> the caveat that this is pre-espresso.
>
I don't want to get into a long debate. I was just pointing out the
design concept behind DNS structure. If nobody wants to use it then let's
see when we can overload the system.
> >Using the root servers defeats the purpose of the design of the whole
> >structure.
>
> I'll respectfully suggest that I'm not able to find any evidence in
> the RFC to support that conclusion. Read on ...
>
I would not expect this to be part of the RFC. In my opinion this is a
way of distributing the load.
> > What I do if I don't like the ISP's DNS servers is use a
> >different one, but not the root.
>
> Perhaps there are open, publicly accessible, non-authoritative caches;
> I'm not aware of them. Nevertheless, I'm not sure there's anything to
> be gained by generating constant traffic to yet _another_ party,
> beyond myself, my ISP, and the target systems to which I'm connecting.
>
But you are doing this by going to the root servers instead of your ISP's
DNS servers.
> > The easiest way to look at it is, if everybody did it, what would the
> >effect be?
>
> I certainly appreciate your desire to be a good netizen, but there are
> a few points you should understand. First, anyone who uses the BIND
> caching-nameserver out of the box on Red Hat _is_ doing this, and
> clearly the sky has not fallen. Second, a properly configured resolver
> isn't going to submit more than one query to roots for any given top
> level domain within the time-to-live for that record. For example, a
> quick query of the .com TLD shows a TTL of about 33 hours, so the
> cache is only hitting the .com servers at most once in that period,
> regardless of how heavy my traffic is. That's not nearly the overhead
> you may have been expecting. Third, ever seen the statistics of the
> traffic hitting the root servers when Windows 2000 was released? Now
> _there's_ a matter of far greater concern to the community than
> anything a properly configured cache is doing.
>
> But these aren't really arguments for running a local cache; they're
> just defenses against misguided reservations ( 1. everybody else is
> doing it, 2. it's not that bad, and 3. hey, we're not the worst,
> either). The arguments _for_ running a local cache are simple. First,
> on my 5-member LAN, I get better performance if I'm not sending
> unnecessary DNS traffic over my (relatively) slow uplink (and
> certainly better than I'd get if I were using a fourth-party resolver,
> as you advocate). Second, I have a deep respect for
> Earthlink/Mindspring, but it's simply not my ISP's place to decide
> whose records I should trust. I'll stay away from a discussion of
> BIND security and what it means for the internet (you disregarded my
> plea to not go into the cache debate, but for heaven's sake, heed
> _this_ plea -- don't go there!), but in the general case, there's no
> reason anyone should take their ISP's word that their caches are
> secure and properly configured.
>
If there is a problem with my ISP's cache I let them know and it gets
fixed. This is not very often.
I was trying to point out there is a design behind the DNS structure. It
is supposed to work like a tree. If some part of the structure is not
working then everything below it won't work. Yes, going to the root should
work, assuming it has the information correct. It is like saying, I am
not going to ask my boss anything because he may have the information
wrong. I am going to ask the board of directors only.
If you disagree with having the DNS work like a tree structure, then
nothing I have mentioned here has any bearing. So I guess it comes down
to which method is believed to be the best.
> And finally, Brother Brett, please reply below the text which you're
> quoting, and please don't Cc the sender on list replies. Peace, and
> thank you.
>
I missed something here, why not? (not trying to be difficult, just confused)
I like it when I post a question and the reply is sent to both the list
and myself. I am less likely to miss the answer I was looking for. I get
too many messages and the ones sent to myself are easily identified.
> - -d
>
> - --
> David Talkington
>
> PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp
> - --
> http://setiathome.ssl.berkeley.edu/pale_blue_dot.html
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.5.8
> Comment: Made with pgp4pine 1.75-6
>
> iQA/AwUBPGFvGb9BpdPKTBGtEQLz2ACdGK+sGGWIU6OmyyZCeWz1BE3W14MAoN5E
> CXTwk0WcPXVqKJytm900D6fQ
> =XfCk
> -----END PGP SIGNATURE-----
>
>
>
>
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
david
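
The TTL point raised in the quoted message (a caching resolver asks the roots for a given TLD at most once per TTL, however heavy the client traffic) can be checked with a small simulation. This is an added example, not part of the original thread; it models only the root referral step, and the host names, the 72-hour window and the `DelegationCache` / `simulate` names are constructed for illustration.

```python
from dataclasses import dataclass, field

# "about 33 hours": the .com TTL quoted in the thread, in seconds.
TLD_TTL = 33 * 3600

# Constructed sample names, one per TLD.
NAMES = ("www.example.com", "www.example.org", "www.example.net")


@dataclass
class DelegationCache:
    """Caches TLD referrals obtained from the roots and counts root queries."""
    ttl: int = TLD_TTL
    expires: dict = field(default_factory=dict)  # tld -> expiry time (s)
    root_queries: int = 0

    def resolve(self, name: str, now: int) -> None:
        tld = name.rstrip(".").rsplit(".", 1)[-1].lower()
        # Miss if the referral was never cached or its TTL has run out.
        if self.expires.get(tld, -1) <= now:
            self.root_queries += 1
            self.expires[tld] = now + self.ttl


def simulate(interval_s: int, window_s: int = 72 * 3600, ttl: int = TLD_TTL):
    """Issue one lookup every interval_s seconds, cycling through NAMES.

    Returns (client_lookups, root_queries) for the whole window.
    """
    cache = DelegationCache(ttl=ttl)
    lookups = 0
    for i, now in enumerate(range(0, window_s, interval_s)):
        cache.resolve(NAMES[i % len(NAMES)], now)
        lookups += 1
    return lookups, cache.root_queries


if __name__ == "__main__":
    for label, args in (("every 10 s", dict(interval_s=10)),
                        ("every 1 s", dict(interval_s=1)),
                        ("no cache", dict(interval_s=10, ttl=0))):
        lookups, roots = simulate(**args)
        print(f"{label:>10}: {lookups:>6} lookups -> {roots} root queries")
```

With ten times the client traffic the root query count stays the same; only a cache with no TTL (the `ttl=0` case) sends every lookup to the roots.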