DNS delegation based on both location and organization
Brad Knowles
brad at stop.mail-abuse.org
Fri Sep 9 09:00:36 UTC 2005
At 10:17 AM +0200 2005-09-09, Stephane Bortzmeyer wrote:
>> But keep in mind that you don't want to list too many
>> authoritative servers (typically no more than four or five),
>
> You need many more servers to run into problems, even with very long
> queries (see http://w6.nic.fr/dnsv6/resp-size.html if you intend to
> calculate).
The OP is talking about using some pretty long hostnames and
domain names, of which the middle will be chopped out of each to
handle the city name. This will really hurt domain name compression.
>> when you start causing truncation, which results in DNS queries
>> having to be re-tried with TCP, etc....
>
> BIND has EDNS0 support for many years, which means it can bypass the
> 512-bytes limit without resorting to TCP.
This has nothing to do with BIND. This has to do with the
totally whacked-out stuff that I've run into when I was at AOL and
responsible for trying to cram the names and numbers for 49 MXes into
our DNS, because of the excessive amounts of reports we were getting
from all around the world from people who were unable to get mail to
use because their caching nameserver didn't support TCP (at least,
not by default), because they were stupid and blocked TCP port 53
traffic at their firewall, or because their resolver completely
freaked out and didn't know how to re-query with TCP when it received
a truncated response.
Trust me, unless you've been under the gun and you have
personally witnessed this kind of behaviour from all around the
world, and you're getting hundreds of complaints per day, many of
which are coming to you personally because people have managed to
find your name and phone number attached to pieces of information
that are not supposed to be publicly available, you can't begin to
understand the kinds of problems you're talking about.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the bind-users
mailing list