DNS delegation based on both location and organization

Brad Knowles brad at stop.mail-abuse.org
Fri Sep 9 09:00:36 UTC 2005 

At 10:17 AM +0200 2005-09-09, Stephane Bortzmeyer wrote:

>>  	But keep in mind that you don't want to list too many
>>  authoritative servers (typically no more than four or five),
>
>  You need many more servers to run into problems, even with very long
>  queries (see http://w6.nic.fr/dnsv6/resp-size.html if you intend to
>  calculate).

	The OP is talking about using some pretty long hostnames and 
domain names, of which the middle will be chopped out of each to 
handle the city name.  This will really hurt domain name compression.

>>  when you start causing truncation, which results in DNS queries
>>  having to be re-tried with TCP, etc....
>
>  BIND has EDNS0 support for many years, which means it can bypass the
>  512-bytes limit without resorting to TCP.

	This has nothing to do with BIND.  This has to do with the 
totally whacked-out stuff that I've run into when I was at AOL and 
responsible for trying to cram the names and numbers for 49 MXes into 
our DNS, because of the excessive amounts of reports we were getting 
from all around the world from people who were unable to get mail to 
use because their caching nameserver didn't support TCP (at least, 
not by default), because they were stupid and blocked TCP port 53 
traffic at their firewall, or because their resolver completely 
freaked out and didn't know how to re-query with TCP when it received 
a truncated response.

	Trust me, unless you've been under the gun and you have 
personally witnessed this kind of behaviour from all around the 
world, and you're getting hundreds of complaints per day, many of 
which are coming to you personally because people have managed to 
find your name and phone number attached to pieces of information 
that are not supposed to be publicly available, you can't begin to 
understand the kinds of problems you're talking about.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the bind-users mailing list