[Sysadmins] Eircom DNS

James Raftery james at now.ie
Wed Jul 8 21:34:39 IST 2009


On 8 Jul 2009, at 16:49, Paul Jakma wrote:
> What user expertise is required, other than turning the machine on?

Timely updates to root hints. In the very near future timely updates  
to root zone DNSSEC keys, other trust anchors (in case root signing  
doesn't actually happen). Well behaved caches also run local zones or  
otherwise suppress outbound queries for private-use/reserved/localhost  
zones which are added to over time. That's just the care and  
maintenance side of things.

I was more talking about expertise when things aren't working right.  
If you're running your own resolver there isn't anyone to call when  
your cache is poisoned, your EDNS0 buffer size is causing grief,  
you're shafted by something upstream which blocks UDP messages > 512  
bytes, mishandles fragments, barfs on pkts with CD/AD/DO set, sets TC  
but doesn't do TCP, or any of the other things that go screwy.

Declan already mentioned the other side of the good hygiene argument,  
that of sparing auth. servers from the thundering herd of every end  
host bashing away for its own set of answers.


james
-- 
Time flies like an arrow. Fruit flies like bananas.




More information about the Sysadmins mailing list