[ On Thursday, January 25, 2001 at 19:17:15 (+0800), Adrian Chadd wrote: ]
Subject: Re: Microsoft spokesperson blames ICANN
> On Wed, Jan 24, 2001, Greg A. Woods wrote:
> > I'd bet any high-school kid who had any experience whatsoever at installing Linux or FreeBSD could no doubt blow a real OS and a native BIND install onto any sufficiently capable set of four machines in about an hour or so and provided that someone could cough up at least a half-baked zone file from somewhere to load on them they'd all be online and answering to the registered nameserver IP numbers in no time flat. Certainly in less than what's apparently going to be at least 23 hours now!
>
> I'm going to play devil's advocate here.
>
> * I bet any high school kid setup Linux or FreeBSD box will probably die under the load of M$'s zones - the default out-of-the-box config is nice, but not *nice*.
Well, that's why I said "sufficiently capable machine"..... Give *me* a pair of 1GHz Xeon processors with >=2MB cache on a dual-bus motherboard, 1GB of RAM, a pair of 1000baseT interfaces (one for a private administrative interface), a fiber-channel attached RAID array that's properly tuned for speed, and the latest version of FreeBSD, and we'll see just how many queries per second such a box can answer! ;-) Obviously you'd want to install only the bare minimum of software necessary and then turn off inetd and any other stand-alone network daemon but named....
> * You have no idea whether M$'s DNS servers are serving static zone files, back ended to a database, talking to a mapper of some sort, whatever.
It doesn't really matter -- that's a back-office implementation issue. The part that's answering the queries has a terribly simple job to do. However in theory if they've got a reliable internal nameserver that's, for example, either insecure or incapable of handling the public query load, then they can update that one any way they please and let BIND on the authoritative server do the zone transfer from it. Dynamic DNS is useless if you don't have your TTLs set right, and if you do have your TTLs right then getting the SOA right is trivial too, and once you've done that it doesn't matter if you stick an extra zone transfer in the path. So long as they're not being total idiots and trying to void BIND's warranty with <300 sec. TTLs, they'd do just fine.

-- 
Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
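Added example, not part of the original message: a Python check that reports zone-file records whose effective TTL falls below the 300-second floor the reply mentions, honouring `$TTL` defaults and per-record overrides. The sample zone, its names and addresses are constructed, and the parser assumes one record per line with no `;` inside quoted strings.

```python
import re

MIN_TTL = 300  # threshold taken from the post ("<300 sec. TTLs")
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
CLASSES = {"IN", "CH", "HS"}

# Constructed sample zone (hypothetical names, documentation addresses).
SAMPLE_ZONE = """\
$TTL 1h
@     IN SOA ns1.example.com. hostmaster.example.com. 2001012501 3h 1h 1w 1h
@     IN NS  ns1.example.com.
ns1   IN A   192.0.2.1
www   60 IN A 192.0.2.10   ; per-record override, below threshold
ftp   5m IN A 192.0.2.11   ; exactly 300 seconds, not flagged
$TTL 2m
mail  IN A   192.0.2.20    ; inherits the new 120-second default
"""

def ttl_seconds(token):
    """Convert a BIND TTL such as '300', '5m' or '1h30m' to seconds, else None."""
    if not re.fullmatch(r"(?:\d+[smhdw])*\d+[smhdw]?", token, re.I):
        return None
    return sum(int(n) * UNITS[(u or "s").lower()]
               for n, u in re.findall(r"(\d+)([smhdw]?)", token, re.I))

def short_ttls(zone_text, minimum=MIN_TTL):
    """Return (owner, type, ttl) for records whose effective TTL is below minimum."""
    default, owner, found = None, "@", []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$TTL" and len(fields) > 1:
            default = ttl_seconds(fields[1])   # new default for later records
            continue
        if fields[0].startswith("$"):
            continue                           # $ORIGIN, $INCLUDE: not handled here
        if not line[0].isspace():
            owner = fields.pop(0)              # blank owner means "same as previous"
        ttl = default
        # TTL and class are optional and may appear in either order before the type.
        while fields and (fields[0].upper() in CLASSES
                          or ttl_seconds(fields[0]) is not None):
            if fields[0].upper() not in CLASSES:
                ttl = ttl_seconds(fields[0])
            fields.pop(0)
        if fields and ttl is not None and ttl < minimum:
            found.append((owner, fields[0].upper(), ttl))
    return found
```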