New Outage Hits Comcast Subscribers
BetaNews: New Outage Hits Comcast Subscribers http://www.betanews.com/article/New_Outage_Hits_Comcast_Subscribers/11133676... - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://spaces.msn.com/members/fergdawg/
During the first outage this week I used Bluetooth DUN via my Treo to dial-up from home and check Comcast's customer support web page. There was a note on the "network health" page stating that Internet access was down for all cable modem subscribers. Uh no, it wasn't down - just their DNS was down (which I suppose to most is the same as the Internet being down). Of course, none of Comcast's subscribers could actually get to that page unless they had an alternative service or could manually modify their DNS settings to point elsewhere. (I'm reminded of Les Nessman's famous broadcast announcing that WKRP was off the air). Irwin
From: "Fergie (Paul Ferguson)" <fergdawg@netzero.net> Date: Wed, 13 Apr 2005 14:15:50 GMT To: <nanog@merit.edu> Subject: New Outage Hits Comcast Subscribers
BetaNews:
New Outage Hits Comcast Subscribers http://www.betanews.com/article/New_Outage_Hits_Comcast_Subscribers/11133676...
- ferg
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://spaces.msn.com/members/fergdawg/
Dear Comcast, Let me inform you of an exciting new concept... Anycast DNS... It is not difficult... Get with the freaking program... Peter On Apr 13, 2005, at 7:15 AM, Fergie (Paul Ferguson) wrote:
BetaNews:
New Outage Hits Comcast Subscribers http://www.betanews.com/article/New_Outage_Hits_Comcast_Subscribers/1113367699
- ferg
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://spaces.msn.com/members/fergdawg/
On Wed, 13 Apr 2005, Peter John Hill wrote:
Let me inform you of an exciting new concept... Anycast DNS... It is not difficult... Get with the freaking program...
I attempted to get DNS deployed under anycast when I worked there. As you can see, I don't work there any more. Draw your own conclusions. -- Brandon Ross AIM: BrandonNRoss Director, Network Engineering ICQ: 2269442 Internap Yahoo: BrandonNRoss
Let me inform you of an exciting new concept... Anycast DNS... It is not difficult... Get with the freaking program...
Are you suggesting that network operators should supply their customers with recursive DNS services by operating DNS servers on their network which share the same anycast addresses as the recursive DNS servers on other networks? Or are you suggesting that a network operator should set up anycast internal to their network so that all of their recursive DNS servers share the same IP address? I'd like to hear some more detail on this. --Michael Dillon
Let me inform you of an exciting new concept... Anycast DNS... It is not difficult... Get with the freaking program...
* Michael.Dillon@radianz.com (Michael.Dillon@radianz.com) [Thu 14 Apr 2005, 12:03 CEST]:
Are you suggesting that network operators should supply their customers with recursive DNS services by operating DNS servers on their network which share the same anycast addresses as the recursive DNS servers on other networks?
Or are you suggesting that a network operator should set up anycast internal to their network so that all of their recursive DNS servers share the same IP address?
I'd like to hear some more detail on this.
Michael, put down the crackpipe already, will you? *Of course* the previous (unattributed) poster was not talking about hijacking other people's address space, but suggested that it's a good idea to not make your entire customer base reliant on two puny servers somewhere. I find this obvious. -- Niels. -- The idle mind is the devil's playground
Are you suggesting that network operators should supply their customers with recursive DNS services by operating DNS servers on their network which share the same anycast addresses as the recursive DNS servers on other networks?
Or are you suggesting that a network operator should set up anycast internal to their network so that all of their recursive DNS servers share the same IP address?
I'd like to hear some more detail on this.
Michael, put down the crackpipe already, will you? *Of course* the previous (unattributed) poster was not talking about hijacking other people's address space, but suggested that it's a good idea to not make your entire customer base reliant on two puny servers somewhere.
Maybe you should reread the two messages. The poster suggested that anycast was the way to make sure that your userbase does not have to rely on two puny servers somewhere for recursive DNS services. So, the question remains, does the poster think that network operators should band together and operate shared anycast recursive DNS services? Or does the poster think that network operators should operate many recursive DNS servers throughout their infrastructure and tie them together using anycast? Or was it something else? If anycast is a good idea for recursive DNS service, then there is a 3rd party business opportunity here to operate global recursive DNS services so that network operators can focus on running the network, not on providing services like DNS resolution. --Michael Dillon
On Thu, 14 Apr 2005 Michael.Dillon@radianz.com wrote:
So, the question remains, does the poster think that network operators should band together and operate shared anycast recursive DNS services? Or does the poster think that network operators should operate many recursive DNS servers throughout their infrastructure and tie them together using anycast?
I don't know what the other poster(s) were referring to, but I was not suggesting that network operators try to run some unified DNS infrastructure. It is an intriguing idea, however.
If anycast is a good idea for recursive DNS service, then there is a 3rd party business opportunity here to operate global recursive DNS services so that network operators can focus on running the network, not on providing services like DNS resolution.
Perhaps even more interesting is being able to sell anycasted reverse DNS service directly to users that are connected to incompetent providers. ;-) Seriously, though, some benefits can be imagined, like being able to use the same DNS server on my laptop no matter where in the world I plug in. -- Brandon Ross AIM: BrandonNRoss Director, Network Engineering ICQ: 2269442 Internap Yahoo: BrandonNRoss
On Thu, 14 Apr 2005, Christopher L. Morrow wrote:
On Thu, 14 Apr 2005, Brandon Ross wrote:
;-) Seriously, though, some benefits can be imagined, like being able to use the same DNS server on my laptop no matter where in the world I plug in.
people do that today.... unfortunately they do it with 198.6.1.1 :(
It's called DHCP/PPP, both will auto-magically configure the correct DNS for your current network connection. If your laptop changes IP addresses, it should get new network configuration details for the current network.
I have completely given up on relying on Comcast for dns service... For now I will continue to use them for "transit" If they are unwilling to implement anycast dns then I cannot trust them...
On my mac...
sudo vi /etc/hostconfig
DNSSERVER=-YES-
:wq
No wonder entrenched broadband ISPs are so against metro wifi...
Peter
On Apr 14, 2005, at 10:07 AM, Sean Donelan wrote:
On Thu, 14 Apr 2005, Christopher L. Morrow wrote:
On Thu, 14 Apr 2005, Brandon Ross wrote:
;-) Seriously, though, some benefits can be imagined, like being able to use the same DNS server on my laptop no matter where in the world I plug in.
people do that today.... unfortunately they do it with 198.6.1.1 :(
It's called DHCP/PPP, both will auto-magically configure the correct DNS for your current network connection. If your laptop changes IP addresses, it should get new network configuration details for the current network.
At 02:00 PM 4/14/2005, Peter John Hill wrote:
I have completely given up on relying on Comcast for dns service... For now I will continue to use them for "transit"
If they are unwilling to implement anycast dns then I cannot trust them...
It's unclear why anycast would be required. Most or all of their customers use DHCP to obtain address information, including DNS information. It would be just as reasonable for them to install a few small DNS servers along-side the router at the cable head-end at every town. Now it might be simpler for them to manage if they placed those same servers but used Anycast, but the effect should be the same. The point is, anycast is not the issue. Reliable service is the issue. DNS isn't their only issue, of course (that they're single-homed to AT&T adds to their unreliability, not that they can fix that at present). Dan
On Thu, 2005-04-14 at 14:24 -0400, Daniel Senie wrote:
The point is, anycast is not the issue. Reliable service is the issue. DNS isn't their only issue, of course (that they're single-homed to AT&T adds to their unreliability, not that they can fix that at present).
The deeper issue is that most Comcast customers (and I am one) don't have an SLA, don't have a pressing need, and don't really care to pay more for a resilient infrastructure at Comcast (or any other +90% home provider). If I wanted to run a business out of my home I would bring in some SLA backed bandwidth. I don't think that is unreasonable. When Comcast goes down at home I hop in the car or walk a few blocks to one of many wifi outlets (some even free). Yes, that does make it difficult to check email or pay bills at 6am in my bath robe, but it works. Would I *like* to see Comcast 100% bulletproof? Sure. Do I *need* to see Comcast 100% bulletproof? No. Just my $.02 -Jim P.
On Apr 14, 2005, at 11:59 AM, Jim Popovitch wrote:
When Comcast goes down at home I hop in the car or walk a few blocks to one of many wifi outlets (some even free). Yes, that does make it difficult to check email or pay bills at 6am in my bath robe, but it works.
Would I *like* to see Comcast 100% bulletproof? Sure. Do I *need* to see Comcast 100% bulletproof? No.
I just don't want my wife to complain to me that she could not check her email because "the Internet was broken" :-)
Peter John Hill wrote:
I just don't want my wife to complain to me that she could not check her email because "the Internet was broken"
Serious answer to a non-serious comment: The group that reads this mailing list can be assumed to be more technically savvy than most people, right? OK. So, I run my own DNS server and have a guy providing three secondaries. I use mine and one of his (the one that is geographically distant from mine, as well as on a different segment of Internet), instead of my cable company's, because their DNS servers don't seem to see zone updates as quickly as I'd like them to see them. I run my own mail server, from which my family's mailboxes are served. This is mainly due to my irrational preference to have 100% control over my email. ;) No reason why others couldn't do something similar, unless Comcast is blocking 53/udp (mainly) and 53/tcp. (NB: My cable company is not Comcast, but it is one of the other large providers. NB also that while I get my IP address via DHCP, I choose not to use the DNS servers offered to me when I renew my DHCP lease.) -- JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638) Steven J. Sobol, Geek In Charge / sjsobol@JustThe.net / PGP: 0xE3AE35ED "The wisdom of a fool won't set you free" --New Order, "Bizarre Love Triangle"
Do you understand anycast? Do you understand how different operating systems react to failures of configured dns servers? You really need to look into anycast and see why it is used. Perhaps the comcast people are as naive as you about dns... Check out: http://www.net.cmu.edu/pres/anycast/ or my favorite: http://www.net.cmu.edu/pres/lisa03/ This excellent presentation will help you with your understanding: "In configuring multiple hosts to respond to the same address, stateless protocols such as DNS can be easily scaled. Servers can be located in closer proximity to clients, providing faster responses to queries. In the event of a single host failure, routes can quickly be withdrawn and servers in other locations handle the request traffic, all without any changes to client configurations. Recursive DNS clients built into many of today's operating systems deal rather poorly with a failure of their primary recursive server. Of eight operating systems evaluated in a recent survey, seven kept no history of failed servers, trying each DNS query against the first server and waiting for a response before moving to secondary servers. Using anycast, service is maintained even in the face of a single or multiple host failure. This substantially reduces resolution delays due to server failure." Peter Hill On Apr 14, 2005, at 11:24 AM, Daniel Senie wrote:
At 02:00 PM 4/14/2005, Peter John Hill wrote:
I have completely given up on relying on Comcast for dns service... For now I will continue to use them for "transit"
If they are unwilling to implement anycast dns then I cannot trust them...
It's unclear why anycast would be required. Most or all of their customers use DHCP to obtain address information, including DNS information. It would be just as reasonable for them to install a few small DNS servers along-side the router at the cable head-end at every town. Now it might be simpler for them to manage if they placed those same servers but used Anycast, but the effect should be the same.
The point is, anycast is not the issue. Reliable service is the issue. DNS isn't their only issue, of course (that they're single-homed to AT&T adds to their unreliability, not that they can fix that at present).
Dan
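Added illustration, not part of the thread or of the CMU presentation quoted above: anycast only delivers the "routes can quickly be withdrawn" behaviour if each node stops announcing the service address when its resolver stops answering. The sketch below probes the local resolver with a real DNS query and applies rise/fall thresholds before changing the announcement; the service prefix, the thresholds and the `announce`/`withdraw` action strings are assumptions, and handing the action to a routing daemon is left out.

```python
"""Health gate for one anycast recursive-DNS node (added example, constructed values)."""
import socket
import struct

# Assumed anycast service address, taken from the RFC 5737 documentation range.
SERVICE_PREFIX = "192.0.2.53/32"


def build_query(qname: str, txid: int) -> bytes:
    """Encode a minimal recursive A/IN query for qname."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def response_ok(data: bytes, txid: int) -> bool:
    """True only for a matching response with RCODE NOERROR and at least one answer."""
    if len(data) < 12:
        return False
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    is_response = bool(flags & 0x8000)
    rcode = flags & 0x000F
    return rid == txid and is_response and rcode == 0 and ancount > 0


def probe(server: str, qname: str, txid: int, timeout: float = 1.0) -> bool:
    """Query the resolver on its unicast address; a timeout or socket error is a failure."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.sendto(build_query(qname, txid), (server, 53))
            data, _ = sock.recvfrom(4096)
        return response_ok(data, txid)
    except OSError:
        return False


class AnycastGate:
    """Turns a stream of probe results into announce/withdraw decisions.

    fall: consecutive failures before the route is withdrawn, so a dead
          resolver does not keep attracting queries it cannot answer.
    rise: consecutive successes before the route is announced again, so a
          flapping resolver does not flap the route with it.
    """

    def __init__(self, rise: int = 3, fall: int = 2):
        self.rise, self.fall = rise, fall
        self.announced = False
        self.streak = 0  # consecutive results that contradict the current state

    def update(self, healthy: bool):
        """Return 'announce <prefix>', 'withdraw <prefix>', or None for no change."""
        if healthy == self.announced:
            self.streak = 0
            return None
        self.streak += 1
        needed = self.rise if healthy else self.fall
        if self.streak < needed:
            return None
        self.announced, self.streak = healthy, 0
        return ("announce " if healthy else "withdraw ") + SERVICE_PREFIX


def replay(results, rise: int = 3, fall: int = 2):
    """Feed a recorded sequence of probe results through a fresh gate."""
    gate = AnycastGate(rise, fall)
    return [gate.update(r) for r in results]


if __name__ == "__main__":
    # Constructed probe history: healthy start, one blip, then a real outage and recovery.
    history = [True, True, True, True, False, True, False, False, True, True, True]
    for result, action in zip(history, replay(history)):
        print("ok  " if result else "FAIL", action or "-")
```

In a deployment the loop would call `probe()` against the resolver's own unicast address on a timer and pass each result to `AnycastGate.update()`.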
On Thu, 14 Apr 2005, Peter John Hill wrote:
Do you understand anycast? Do you understand how different operating systems react to failures of configured dns servers?
You really need to look into anycast and see why it is used. Perhaps the comcast people are as naive as you about dns... Check out: http://www.net.cmu.edu/pres/anycast/
is attacking people necessary? I think Daniel's point was: "Perhaps anycast isn't the only answer" Perhaps it's not even appropriate for comcast's network/design/pop/hub/area/infrastructure... Don't get me, or I think Daniel, wrong, anycast is fun, but it's not for everyone. The main goal for comcast should be stability, regardless of how they implement that, eh?
On Thu, 14 Apr 2005 19:17:26 -0000, "Christopher L. Morrow" said:
Perhaps it's not even appropriate for comcast's network/design/pop/hub/area/infrastructure... Don't get me, or I think Daniel, wrong, anycast is fun, but it's not for everyone. The main goal for comcast should be stability, regardless of how they implement that, eh?
No, they want to maximize the pricepoint/stability function (which has multiple maxima/minima corresponding to various market niches). They want to pay as little as possible for sufficient stability to not torque off the customer base into migrating to another provider. In fact, I'd not even be surprised if the answer is different for different market regions - the needed stability in areas they're a near-monopoly at their price range is probably a lot lower than what they need in areas where there's lots of competitors. 5 nines impresses everybody on this list. 4 nines will probably cover most business customers. 3 nines for most consumers, and I bet you can make a living selling 2 nines to Joe Sixpack for $9.95/mo.... But you can't make a living selling to the 2-nines crowd at the 2-nines price with a 5-nines infrastructure (Anybody who can, drop me a note if you've got a POP near me ;)
On Thu, 14 Apr 2005, Alexander Kiwerski wrote:
But Comcast sure makes a great profit by charging a 2 or 3-nine's price for a 1.5-nine service ;-)
What's really funny here is that they are spending at a 5 9's level, they just don't implement in a 5 9's architecture. -- Brandon Ross AIM: BrandonNRoss Director, Network Engineering ICQ: 2269442 Internap Yahoo: BrandonNRoss
On Thu, 14 Apr 2005 Valdis.Kletnieks@vt.edu wrote:
On Thu, 14 Apr 2005 19:17:26 -0000, "Christopher L. Morrow" said:
Perhaps it's not even appropriate for comcast's network/design/pop/hub/area/infrastructure... Don't get me, or I think Daniel, wrong, anycast is fun, but it's not for everyone. The main goal for comcast should be stability, regardless of how they implement that, eh?
No, they want to maximize the pricepoint/stability function (which has multiple maxima/minima corresponding to various market niches). They want to pay as little as possible for sufficient stability to not torque off the customer base into migrating to another provider.
oops, I wasn't clear what I meant and didn't type properly was: "the goal for comcast is stability, you don't care how they achieve that" which still isn't 100% correct, but basically let them do their operations and let's not pot-shot something that 'we' don't understand. I'm assuming that peter hill is not a comcast employee, his email headers suggest a CMU grad and a current Amazon employee. go tartans.
On Apr 14, 2005, at 3:03 PM, Peter John Hill wrote:
Do you understand anycast? Do you understand how different operating systems react to failures of configured dns servers?
Do you? Relying 100% on anycast is MUCH worse than not deploying anycast at all. Spend some time thinking about various failure modes. (*sigh* just read NANOG archives if you want the short cut) There is more than one solution to every problem. Don't fixate on anycast purely because your university hosts a couple of web pages on it.
Hi John, * john@sackheads.org (John Payne) [Fri 15 Apr 2005, 00:48 CEST]:
Do you? Relying 100% on anycast is MUCH worse than not deploying anycast at all. Spend some time thinking about various failure modes. (*sigh* just read NANOG archives if you want the short cut)
In my opinion this statement is a bit overly broad. Yes, you can make anycast less reliable than two geographically and topologically separate nameservers, but if you place two nameservers behind the same router you end up with a less reliable system than even the simplest anycast setup.
There is more than one solution to every problem. Don't fixate on anycast purely because your university hosts a couple of web pages on it.
Nice - I'd have said "purely because your boss read about it in some trade magazine," but the bottom line is the same: just because it's hip doesn't mean it's the best for you. -- Niels. -- The idle mind is the devil's playground
On Thu, 14 Apr 2005, Daniel Senie wrote:
It's unclear why anycast would be required.
Well, DDoS attacks tend to be less effective when they are spread over a large number of anycasted hosts. That was the main reason I attempted to get anycasted DNS servers online there when I worked there. -- Brandon Ross AIM: BrandonNRoss Director, Network Engineering ICQ: 2269442 Internap Yahoo: BrandonNRoss
On Thu, 14 Apr 2005, Sean Donelan wrote:
On Thu, 14 Apr 2005, Christopher L. Morrow wrote:
people do that today.... unfortunately they do it with 198.6.1.1 :(
It's called DHCP/PPP, both will auto-magically configure the correct DNS for your current network connection. If your laptop changes IP addresses, it should get new network configuration details for the current network.
Which doesn't work very well when your provider cannot keep a DNS server up for 10 minutes at a time. See the beginning of this thread. -- Brandon Ross AIM: BrandonNRoss Director, Network Engineering ICQ: 2269442 Internap Yahoo: BrandonNRoss
Brandon Ross wrote:
On Thu, 14 Apr 2005, Sean Donelan wrote:
It's called DHCP/PPP, both will auto-magically configure the correct DNS
Which doesn't work very well when your provider cannot keep a DNS server up for 10 minutes at a time. See the beginning of this thread.
Run bind locally on your laptop. There's a Win32 version available if you're not running some sort of Unix or Linux on there. It's what I do as my ISP's DNS is wonky at times, as is $ork's as they choose to use Active Directory for DNS. Setup different named.conf files for home/work/travel/etc, and a trivial batch file or shell script to copy the relevant named.conf file into play and run rndc reload, and you're good to go.
Jeff Cole wrote:
Run bind locally on your laptop. There's a Win32 version available if you're not running some sort of Unix or Linux on there. It's what I do as my ISP's DNS is wonky at times, as is $ork's as they choose to use Active Directory for DNS.
For the sake of the root servers, I hope everyone doesn't start doing this. -Jerry
On Apr 15, 2005, at 1:13 AM, Jerry Pasker wrote:
Jeff Cole wrote:
Run bind locally on your laptop. There's a Win32 version available if you're not running some sort of Unix or Linux on there. It's what I do as my ISP's DNS is wonky at times, as is $ork's as they choose to use Active Directory for DNS.
For the sake of the root servers, I hope everyone doesn't start doing this.
Well configured laptops will not put that much pressure on the roots. A single misconfigured / broken recursive name server puts a lot more pressure on the roots than lots of well-configured laptops. I guess one could argue that the chance of misconfiguration goes up as the number of systems goes up. -- TTFN, patrick
On Fri, 15 Apr 2005, Patrick W Gilmore wrote:
Well configured laptops will not put that much pressure on the roots. A single misconfigured / broken recursive name server puts a lot more pressure on the roots than lots of well-configured laptops.
I guess one could argue that the chance of misconfiguration goes up as the number of systems goes up.
http://www.zdnet.com.au/news/security/0,2000061744,39188319,00.htm Disconnecting six compromised personal computers on Tuesday evening eased the difficulties caused by bogus requests which clogged BigPond's domain name servers (DNS), slowing customer e-mail and Web site access, Telstra said.
On Apr 15, 2005, at 1:38 AM, Sean Donelan wrote:
On Fri, 15 Apr 2005, Patrick W Gilmore wrote:
Well configured laptops will not put that much pressure on the roots. A single misconfigured / broken recursive name server puts a lot more pressure on the roots than lots of well-configured laptops.
I guess one could argue that the chance of misconfiguration goes up as the number of systems goes up.
http://www.zdnet.com.au/news/security/0,2000061744,39188319,00.htm
Disconnecting six compromised personal computers on Tuesday evening eased the difficulties caused by bogus requests which clogged BigPond's domain name servers (DNS), slowing customer e-mail and Web site access, Telstra said.
Precisely my point. The problem is not number of well behaved systems, but the misbehaving ones. Again, you could argue that the quantity / chance of misconfiguration goes up with the quantity of systems being configured, but the end result still depends a great deal more on how many are misbehaving than how many there are in total. -- TTFN, patrick
On 4/14/05, Sean Donelan <sean@donelan.com> wrote:
http://www.zdnet.com.au/news/security/0,2000061744,39188319,00.htm Disconnecting six compromised personal computers on Tuesday evening eased the difficulties caused by bogus requests which clogged BigPond's domain name servers (DNS), slowing customer e-mail and Web site access, Telstra said.
That's ok. At least six more Telstra PCs will get compromised tomorrow. I don't know if they're doing uRPF etc. to stop address spoofing, or blocking RFC1918, but if not, that may help keep the load down. I'm not a fan of using anycast as opposed to building scalable distributed configurations of DNS servers and coordinating them with the DHCP settings that tell customers what server to use, (and monitoring them to make sure they keep working :-), but it can be good for isolating some problems like this. ---- Thanks; Bill Note that this isn't my regular email account - It's still experimental so far. And Google probably logs and indexes everything you send it.
On Apr 15, 2005, at 1:13 AM, Jerry Pasker wrote:
Jeff Cole wrote:
Run bind locally on your laptop. There's a Win32 version available if you're not running some sort of Unix or Linux on there. It's what I do as my ISP's DNS is wonky at times, as is $ork's as they choose to use Active Directory for DNS.
For the sake of the root servers, I hope everyone doesn't start doing this.
Well configured laptops will not put that much pressure on the roots. A single misconfigured / broken recursive name server puts a lot more pressure on the roots than lots of well-configured laptops.
I guess one could argue that the chance of misconfiguration goes up as the number of systems goes up.
-- TTFN, patrick
I didn't say "I hope a few cluefull people don't do this." I said "I hope _everyone_ doesn't start doing this." Big difference. For the sake of the net, I hope no one, not even a semi popular OS venduh, gets the idea to build a dns server in to their next OS some day.
Jerry, Too late. Every Mac ships with a working version of BIND. It's not enabled by default, but it can be turned on with a few keystrokes. If you take a look at the dslreports.com forums, there are numerous complaints about DNS performance from various DSL and cable modem users. I'm not sure how reasonable these complaints are. The usual solution from other users is to install a piece of Windows software called "Treewalk" which will magically cure their problems. Guess what "Treewalk" is? Yep, it's a freeware recursive DNS server (http://ntcanuck.com/). I have no idea how well behaved it is, but it's getting deployed pretty widely on users' machines. I also wonder how long it will be before home routers have DNS servers built-in, with a switch to let users select between iterative queries of their upstream's DNS and a normal recursive query. Has anyone seen this in the consumer market? - Dan On 4/15/05 1:45 AM, "Jerry Pasker" <info@n-connect.net> wrote:
On Apr 15, 2005, at 1:13 AM, Jerry Pasker wrote:
Jeff Cole wrote:
Run bind locally on your laptop. There's a Win32 version available if you're not running some sort of Unix or Linux on there. It's what I do as my ISP's DNS is wonky at times, as is $ork's as they choose to use Active Directory for DNS.
For the sake of the root servers, I hope everyone doesn't start doing this.
Well configured laptops will not put that much pressure on the roots. A single misconfigured / broken recursive name server puts a lot more pressure on the roots than lots of well-configured laptops.
I guess one could argue that the chance of misconfiguration goes up as the number of systems goes up.
-- TTFN, patrick
I didn't say "I hope a few cluefull people don't do this." I said "I hope _everyone_ doesn't start doing this." Big difference.
For the sake of the net, I hope no one, not even a semi popular OS venduh, gets the idea to build a dns server in to their next OS some day.
-- Daniel Golding Network and Telecommunications Strategies Burton Group
On Fri, Apr 15, 2005, Daniel Golding wrote:
I also wonder how long it will be before home routers have DNS servers built-in, with a switch to let users select between iterative queries of their upstream's DNS and a normal recursive query. Has anyone seen this in the consumer market?
My netcomm NB1300 ADSL modem/router already has a built-in DNS server. -- Adrian Chadd "When you're a fantasy artist, <adrian@creative.net.au> everything needs breasts." - Lisaera, Lusternia
On Apr 15, 2005, at 8:59 AM, Daniel Golding wrote:
Too late. Every Mac ships with a working version of BIND. It's not enabled by default, but it can be turned on with a few keystrokes.
Name a flavor of unix which doesn't? And even if you can, name a flavor of unix which can't get it installed "with a few keystrokes [or mouse clicks]." We want people to use unix, stop complaining when they do. :-) Besides, the OSX named is well behaved in its default configuration (in my limited personal experience on my own laptops). -- TTFN, patrick
I'm not complaining about it - heck, I use it. I just wanted to point out that desktop DNS servers are a reality. Right now, few folks use them. If ISP DNS server quality gets worse or there are a few big outages, we may see desktop DNS usage climb. This may have deleterious effects on the roots and TLD servers. It might be interesting to pull query data on a root server and correlate it with known dynamic IP address pools to spot a trend. - Dan On 4/15/05 9:54 AM, "Patrick W Gilmore" <patrick@ianai.net> wrote:
On Apr 15, 2005, at 8:59 AM, Daniel Golding wrote:
Too late. Every Mac ships with a working version of BIND. It's not enabled by default, but it can be turned on with a few keystrokes.
Name a flavor of unix which doesn't?
And even if you can, name a flavor of unix which can't get it installed "with a few keystrokes [or mouse clicks]."
We want people to use unix, stop complaining when they do. :-)
Besides, the OSX named is well behaved in its default configuration (in my limited personal experience on my own laptops).
Daniel Golding wrote:
If you take a look at the dslreports.com forums, there are numerous complaints about DNS performance from various DSL and cable modem users. I'm not sure how reasonable these complaints are. The usual solution from other users is to install a piece of Windows software called "Treewalk" which will magically cure their problems.
Consumer ISPs who don't proactively take care of security/abuse usually end up with harvesting-bots which consume significant amount of DNS resources, typically doing anything from a few dozen to a thousand queries _a_second_. A few hundred of these will seriously hamper a usually provisioned recursive server. Pete
On Thu, 14 Apr 2005, Jeff Cole wrote:
Brandon Ross wrote:
On Thu, 14 Apr 2005, Sean Donelan wrote:
It's called DHCP/PPP, both will auto-magically configure the correct DNS
Which doesn't work very well when your provider cannot keep a DNS server up for 10 minutes at a time. See the beginning of this thread.
Run bind locally on your laptop.
I already do that. I wasn't referring to myself, I was referring to other users who might not have the skills or interest in running their own DNS daemons. -- Brandon Ross AIM: BrandonNRoss Director, Network Engineering ICQ: 2269442 Internap Yahoo: BrandonNRoss
participants (21)
- Adrian Chadd
- Alexander Kiwerski
- Bill Stewart
- Brandon Ross
- Christopher L. Morrow
- Daniel Golding
- Daniel Senie
- Fergie (Paul Ferguson)
- Irwin Lazar
- Jeff Cole
- Jerry Pasker
- Jim Popovitch
- John Payne
- Michael.Dillon@radianz.com
- Niels Bakker
- Patrick W Gilmore
- Peter John Hill
- Petri Helenius
- Sean Donelan
- Steve Sobol
- Valdis.Kletnieks@vt.edu