Variations on lame delegations (terminology question)
Ladislav Vobr
lvobr at ies.etisalat.ae
Sun Oct 26 12:23:36 UTC 2003
Simon Waters wrote:
> Ladislav Vobr wrote:
>
>>but it doesn't stop bind from using them and using them and using them
>>again and again, if there is no better choice, thus causing very interesting
>>moments for many recursive server administrators? Is it really a bad idea
>>to have lame-ttl covering the second and case as well, if we all agree
>>this is lame as well.
>
>
> We've been over this before.
yes, I know :-( still not happy about it
>
> Short disruption 5 minutes - maybe local powercut or similar.
> Disconnect from Internet.
> UK query attempted, all UK (or root?) name servers marked lame as they
> don't respond.
> LAME-TTL 30 minutes....
> Downtime 35 minutes.
I agree, but it should be configurable, and perhaps disabled by default,
but I miss it as an option.
>
> Current situation 5 minutes downtime.
>
> If everyone had "geographically" diverse nameservers it might make some
> sense to cache inaccessibility, but they don't.
>
> The nature of caching servers is to act as a damper in such circumstances.
>
> No one else seems to see this as a major problem, is there perhaps
> something wrong with your own network architecture that is causing this
> to be more of a problem than it should be?
hmm, just write a small program which will query your recursive servers
for one or two particular domain names without any retry timeout if no
answer came, possibly at the bandwidth speed, and distribute it to
20-40.000 of your customers and let them run it 24x7, pretty much
everybody will have a problem
this program is called for example YAHHA-H or take any other internet
virus/trojan
>
> I don't believe there are enough such completely broken zones repeatedly
> queried this can't be handled by other means, I mean any zone that broke
> is unlikely to be very popular.
viruses and ddos are a big threat today and bigger tomorrow, providing
services with these two around is very hard sometimes
but overall, you have a point as well, and perhaps more valid
Ladislav
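The trade-off argued in this thread, as an added toy model that is not part of the original message and is not BIND's algorithm. It assumes a single zone, one-second steps, and that one timed-out upstream attempt marks the servers unreachable; `simulate`, its parameters and the 5000 queries/s load are constructed for illustration.

```python
def simulate(outage_s, unreachable_ttl_s, client_qps, first_query_s=0, horizon_s=3600):
    """Return (recovery_s, wasted_upstream) for one zone.

    The zone's servers are unreachable during [0, outage_s). Clients send
    client_qps queries per second from first_query_s onward. A timed-out
    upstream attempt marks the servers unreachable for unreachable_ttl_s
    seconds; while marked, clients get SERVFAIL and nothing goes upstream.
    unreachable_ttl_s = 0 means every client query is retried upstream.
    recovery_s is the first second in which a client query is answered;
    wasted_upstream counts queries sent to servers that could not answer.
    """
    marked_until = 0
    wasted = 0
    for t in range(first_query_s, horizon_s):
        if t < marked_until:
            continue                  # failure served from the mark
        if t >= outage_s:
            return t, wasted          # upstream reachable again
        if unreachable_ttl_s > 0:
            wasted += 1               # one attempt times out and sets the mark
            marked_until = t + unreachable_ttl_s
        else:
            wasted += client_qps      # no damping: each query goes upstream
    return None, wasted


if __name__ == "__main__":
    cases = [
        # (label, outage_s, ttl_s, qps, first_query_s), all constructed
        ("late query, 30 min mark", 300, 1800, 1, 299),
        ("late query, no mark", 300, 0, 1, 299),
        ("flood, no mark", 300, 0, 5000, 0),
        ("flood, 30 min mark", 300, 1800, 5000, 0),
        ("flood, 60 s mark", 300, 60, 5000, 0),
    ]
    for label, outage, ttl, qps, first in cases:
        recovery, wasted = simulate(outage, ttl, qps, first)
        print(f"{label:26} recovery at {recovery:5d} s, wasted upstream {wasted}")
```

In this model a mark set in the last second of a 5 minute outage keeps the zone failing until 2099 s (just under 35 minutes), while under a constant flood the same mark cuts wasted upstream queries from 1500000 to 1; a 60 s mark gives most of the damping with recovery at 300 s.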