Setting up a Root name server

Cricket Liu cricket at acmebw.com
Fri Sep 3 22:35:19 UTC 1999


chris <chris at megabytecoffee.com> wrote in message
news:<37D04580.C60C62CF at megabytecoffee.com>...
> > That's not going to be enough, for reasons I've already described.  When
> > your name servers start up, they'll send a sysquery to one of the name
> > servers in the root hints file--picked at random--and ask for the current
> > list of roots.  13 out of 14 times that list will not include your internal
> > root name server at all, so they won't use it.
>
> I don't suppose you can see a way around that? I don't want to run my servers
> without the ability to fall back to the other root servers. Does BIND actually
> randomly select a root server out of the hint file??

If I read the source correctly, they'll all get random, low RTT values to
begin with, and then the first query that requires contacting a root name
server will go to the one that happened to get the lowest RTT.

You could make sure your internal root name server is the one your internal
name servers contact *the first time* by listing only your internal root in
the root hints file, but then you'd be in big trouble if your internal root
failed and someone restarted an internal name server.  This also won't solve
the problem of successive sysqueries, though it's more likely that these
will be sent to the root name server with the lowest RTT, which will
presumably be your internal root.  There's no guarantee of this, though.

Then, finally, there's the problem of the number of root name servers.
You're presumably going to add an NS record for your internal root name
server to the root zone data file you're getting from NSI.  But there are
only 13 root name servers on the Internet for good reason:  More than that
and the records won't fit into a 512 byte UDP response.  Consequently, if
you add a 14th NS record and a 14th A record, your internal name servers
will get truncated UDP responses to their sysqueries when they query your
internal root.  Modern name servers will retry over TCP, but your internal
root can't service nearly as many TCP queries as it can UDP.  I guess you
could just delete one of a-m.root.servers.net from your root zone data file.
I'd delete the one farthest away from you.

Anyway, what I think all of us are trying to get at is simply that the
problem is thornier than it at first sounds.

cricket

Acme Byte & Wire
cricket at acmebw.com
www.acmebw.com

Attend our next DNS and BIND class!  See
www.acmebw.com/training.htm for the
schedule and to register for upcoming
classes.
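An added example, not part of the message above: a Python script that builds the wire form of the ". NS" priming response for a given list of root servers, with RFC 1035 label compression and no EDNS, so the 512-byte UDP budget discussed in the thread can be checked for any candidate set of names. The addresses are constructed sample values and the 14th server name is hypothetical; 13 a-m.root-servers.net entries come to 436 bytes, and a server outside root-servers.net cannot share that compressed suffix, so its NS and A records add 27 bytes plus its full wire-format name.

```python
import struct

def encode_name(name, offset, table):
    """Wire-encode a dotted name with RFC 1035 label compression.

    `offset` is where the name starts in the message; `table` maps every
    suffix already emitted (e.g. "root-servers.net") to its offset.  New
    suffixes are recorded in `table` as they are written out."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    out = bytearray()
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in table:                      # point at the earlier copy
            out += struct.pack("!H", 0xC000 | table[suffix])
            return bytes(out)
        if offset + len(out) < 0x3FFF:           # pointer space is 14 bits
            table[suffix] = offset + len(out)
        out += bytes([len(label)]) + label.encode("ascii")
    out += b"\x00"                               # terminating root label
    return bytes(out)

def priming_response(servers, ttl=518400):
    """Return the wire form of an authoritative answer to ". NS IN":
    one NS RR per server in ANSWER and one glue A RR in ADDITIONAL.
    No OPT record, so a plain UDP reply is limited to 512 bytes."""
    n = len(servers)
    msg = bytearray(struct.pack("!HHHHHH", 0x1234, 0x8400, 1, n, 0, n))
    msg += b"\x00" + struct.pack("!HH", 2, 1)    # question: . NS IN
    table = {}
    for host, _ in servers:                      # ANSWER: . NS host
        msg += b"\x00" + struct.pack("!HHI", 2, 1, ttl)
        rdata = encode_name(host, len(msg) + 2, table)
        msg += struct.pack("!H", len(rdata)) + rdata
    for host, ip in servers:                     # ADDITIONAL: host A ip
        msg += encode_name(host, len(msg), table)
        msg += struct.pack("!HHIH", 1, 1, ttl, 4)
        msg += bytes(int(o) for o in ip.split("."))
    return bytes(msg)

def fits_in_udp(msg):
    """True when the reply needs no TC bit / TCP retry (no EDNS assumed)."""
    return len(msg) <= 512

# Constructed sample data: real root names, documentation-range addresses.
ROOTS = [(c + ".root-servers.net.", "192.0.2.%d" % (i + 1))
         for i, c in enumerate("abcdefghijklm")]
INTERNAL = ("root.corp.example.", "192.0.2.14")  # hypothetical 14th server

if __name__ == "__main__":
    for name, servers in (("13 roots", ROOTS), ("13 + internal", ROOTS + [INTERNAL])):
        reply = priming_response(servers)
        print("%-14s %3d bytes, fits in 512: %s" % (name, len(reply), fits_in_udp(reply)))
```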


