In <199702180144.TAA23839@Jupiter.Mcs.Net>, Karl Denninger <karl@Mcs.Net> wrote:
And shouldn't "root servers" have recursive queries turned off?:
Until VERY recently they weren't on the existing roots. And, by the way, while we're talking about that, what is this about hosting the 800,000-some- odd NSI domains on the roots?
Nice dodge. But you do then admit to having recursion available on your "new improved r00t n@m3s3rv3rs" for several months, until someone else pointed it out to you? "They did the same thing a while back!" isn't an acceptable answer. (I don't even think it's true. I haven't seen a recursive query answered via a root nameserver since I started actively doing DNS administration over a year ago.) Even if that is so, you shouldn't have made the same mistake, especially *after* the operators of the IANA root servers corrected the misconfiguration.
The point at hand, though, is that we haven't had *any* operational incidents since eDNS was launched that could be in any way traced to the other root servers. None at all.
Meanwhile, there have been several service-affecting issues on the IANA-sponsored roots in the same time frame.
I haven't seen any problems because of these supposed "service-affecting issues". Perhaps you should check the quality of your network connectivity?
What was that edict again? "Rough consensus and operational code"? We certainly do seem to have that.
The code's fine; it just appears you don't know how to configure it correctly. Try reading the BIND Operations Guide (BOG) next time; it says explicitly that the root nameservers should run with "options no-recursion". -- Michael Handler <handler@sub-rosa.com> Washington, D.C.