Variations on lame delegations (terminology question)

Ladislav Vobr lvobr at ies.etisalat.ae
Sun Oct 26 12:23:36 UTC 2003



Simon Waters wrote:
> Ladislav Vobr wrote:
> 
>>but it doesn't stop bind from using them and using them and using them again and
>>again, if there is no better choice, thus causing very interesting
>>moments for many recursive server administrators? Is it really a bad idea
>>to have lame-ttl covering the second and case as well, if we all agree
>>this is lame as well.
> 
> 
> We've been over this before.
yes, I know :-( still not happy about it

> 
> Short disruption 5 minutes - maybe local powercut or similar.
> Disconnect from Internet.
> UK query attempted, all UK (or root?) name servers marked lame as they
> don't respond.
> LAME-TTL 30 minutes....
> Downtime 35 minutes.

I agree, but it should be configurable, and perhaps disabled by default, 
but I miss it as an option.
> 
> Current situation 5 minutes downtime.
> 
> If everyone had "geographically" diverse nameservers it might make some
> sense to cache inaccessibility, but they don't.
> 
> The nature of caching servers is to act as a damper in such circumstances.
> 
> No one else seems to see this as a major problem, is there perhaps
> something wrong with your own network architecture that is causing this
> to be more of a problem than it should be?
hmm, just write a small program which will query your recursive servers 
for one, two particular domain names without any retry timeout if no 
answer came, possibly at the bandwidth speed, and distribute it to 
20-40.000 of your customers and let them run it 24x7, pretty much 
everybody will have a problem

this program is called for example YAHHA-H or take any other internet 
virus/trojan
> 
> I don't believe there are enough such completely broken zones repeatedly
> queried this can't be handled by other means, I mean any zone that broke
>  is unlikely to be very popular.

viruses and DDoS are a big threat today and bigger tomorrow, providing 
services with these two around is very hard sometimes

but overall, you have a point as well, and perhaps more valid

Ladislav





More information about the bind-users mailing list