On 02/16/2011 11:50, Franck Martin wrote:
----- Original Message -----
From: "Martin Millnert" <millnert@gmail.com>
To: "Marshall Eubanks" <tme@americafree.tv>
Cc: "North American Network Operators Group" <nanog@nanog.org>
Sent: Thursday, 17 February, 2011 8:28:22 AM
Subject: Re: NYTimes: Egypt Leaders Found ‘Off’ Switch for Internet

On Wed, Feb 16, 2011 at 9:09 AM, Marshall Eubanks <tme@americafree.tv> wrote:
On Feb 16, 2011, at 12:15 AM, Joly MacFie wrote:
"
Operating local IRC networks is good, as is having local OS mirrors, such as Debian/Ubuntu and let's not forget, having a resilient DNS configuration (root zone copy hint 101: "dig @k.root-servers.net. . axfr"). A securely distributed
Would it make sense for an ISP to "store" the root zone on their DNS servers instead of letting it be refreshed by the DNS cache? A cron job could refresh it from time to time. It would avoid entries from expiring and would always serve to clients entries with max ttl?
A root server would be better, but that could be an intermediary step?
Just speaking out loud here, so it may be total nonsense...
This is a subject of intense debate amongst the DNS literati:

CON:
1. Failure to pay attention to your setup could cause you to have a stale root zone.

PRO:
1. Faster local resolution for your users, especially for malformed queries.
2. No spurious traffic will be sent from your network to the roots
3. Greater resilience to any potential root server failure/DDoS

Personally I've been doing it for years, never had a problem. On larger sites where I have a lot of resolvers I make the hidden master a slave for the root zone, and also allow the local resolvers to slave it from the hidden master to be more net.friendly.

For BIND, make sure you include "notify no;" in your zone{} statement.

hth,

Doug

--
Nothin' ever doesn't change, but nothin' changes much.
    -- OK Go

Breadth of IT experience, and depth of knowledge in the DNS.
Yours for the right price. :) http://SupersetSolutions.com/
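An added example, not part of the original messages: a check that a cron-refreshed root zone copy could be required to pass before it is loaded, covering the stale-zone risk listed under CON and the case of a transfer that was cut short. The function names, the 7-day threshold (taken from the SOA expire value in the sample) and the shortened sample transfer are assumptions constructed for illustration.

```python
import datetime as dt

# Constructed sample in the format "dig @k.root-servers.net. . axfr" prints
# (heavily shortened; a real transfer has thousands of records).
SAMPLE_AXFR = """\
; <<>> DiG <<>> @k.root-servers.net. . axfr
.\t86400\tIN\tSOA\ta.root-servers.net. nstld.verisign-grs.com. 2011021600 1800 900 604800 86400
.\t518400\tIN\tNS\ta.root-servers.net.
com.\t172800\tIN\tNS\ta.gtld-servers.net.
.\t86400\tIN\tSOA\ta.root-servers.net. nstld.verisign-grs.com. 2011021600 1800 900 604800 86400
;; XFR size: 4 records
"""

def records(text):
    """Split dig output into records, skipping comments and blank lines."""
    return [line.split() for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith(";")]

def root_soa_serial(rec):
    """Return the serial if rec is the SOA record of ".", else None."""
    # Fields: owner ttl class type mname rname serial refresh retry expire minimum
    if (len(rec) == 11 and rec[0] == "." and rec[3].upper() == "SOA"
            and rec[6].isdigit()):
        return int(rec[6])
    return None

def check_root_copy(text, today, max_age_days=7):
    """Return (ok, reason) for a fetched copy of the root zone."""
    recs = records(text)
    if len(recs) < 3:
        return False, "empty or truncated transfer"
    first, last = root_soa_serial(recs[0]), root_soa_serial(recs[-1])
    # A complete AXFR starts and ends with the same SOA record.
    if first is None or first != last:
        return False, "transfer incomplete: SOA missing at start or end"
    # Assumption: the serial is YYYYMMDDNN, the root zone's convention.
    try:
        issued = dt.datetime.strptime(str(first)[:8], "%Y%m%d").date()
    except ValueError:
        return False, f"serial {first} is not date-based"
    age = (today - issued).days
    if age > max_age_days:
        return False, f"stale: serial {first} is {age} days old"
    return True, f"serial {first}, {age} days old"

if __name__ == "__main__":
    print(check_root_copy(SAMPLE_AXFR, dt.date(2011, 2, 17)))
```

A cron job would keep serving the previous copy and raise an alert whenever the check returns False, rather than replacing the zone file.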