[conspire] DNS & nameservers ... 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 8-O ...
Rick Moen
rick at linuxmafia.com
Fri Mar 30 23:07:44 PDT 2018
- Previous message: [conspire] DNS & nameservers ... 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 8-O ...
- Next message: [conspire] Servers and security
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Quoting Michael Paoli (Michael.Paoli at cal.berkeley.edu):
> Well, I don't think we're *that* far apart on our perspective ;-) ...
> some of the context was also lost in the (partial) quoting
If so, sorry about that.
> Yes, key word *reliable*.
Well, let's talk about that. You almost certainly aren't intending
to mislead, but it seems to me you're promoting a common false narrative
that secondary (slave) DNS nameservice -- e.g., that you get friends
operating four other authoriative namservers to perform for your
domains, as perhaps you will also do for theirs -- is somehow prone to
reliability or failure problems. Computerists, even Linux users, who
aren't _themselves_ auth. nameserver operators, tend to believe this
misconception because they don't know better.
You're a veteran sysadmin, so you _do_ know better. I've tried
repeatedly to educate the Linux community about this, with limited
success. One effort was this 2005 _Linux Gazette_ article:
http://linuxmafia.com/~rick/basics-of-dns.html
Quoting:
As a matter of logical categories, I can spot four distinct
categories of "DNS service": three of the four are dead simple. The
fourth isn't too difficult if you can refer to example zonefiles as your
model. Let's run through them, in turn, from simplest to most complex.
[...]
3. Secondary (slave) authoritative nameserver
[...]
The nice thing about setting up secondary DNS is (1) it's pretty much
a set-up-and-forget affair on your end, and (2) it's the other person's
(Alice's) job to notice most sorts of problems. Moreover, it's usually
be her screw-up. So, doing secondary is an easy way to help a friend,
and involves only a tiny amount of one-time work.
To sum, in order to help Alice by doing secondary for one of her
domains, you set up slave (secondary) nameservice for that domain in
your auth. nameserver, to pull down zone updates from Alice's master
namserver IP, notify Alice your secondary's ready to test -- and you're
done. All you need do from that point forward is Don't F*ck With It.
And absent something extraordinary, it'll Just Work.[tm]
_Alice_ has an incentive to check on your service periodically, as
(e.g.) my cron job /etc/cron.weekly/mydomains does every Sunday. In my
experience, weekly is more than often enough in context. Hell, monthly
would probably be often enough, because absent Stupid Sysadmin Tricks like
one of your secondary DNS admins decommissioning or re-IPing the machine
and not telling you, failure to be 'reliable' is so rare as to be not
worth spending time planning for.
My cron job, in effect, exists primarily to make sure I notice any such
Stupid Sysadmin Tricks within 3-4 days on average, which is more than
good enough. Why? Because aggregate domain DNS performance has always
remained fine even during the three or four times a secondary had some
dysfunction or failure over 20+ years. Maybe some dysfuctions would
have caused DNS performance degradation, but (1) I expect I'd notice and
fix that pretty quickly and, (2) since it just hasn't happened over an
extremely long time, I don't waste time planning for it.
So, 'reliable'? It's damned hard to have a running auth namserver
providing slave (secondary) nameservice _not_ be reliable. You'd
practically have to do deliberate sabotage, in my experience.
You mention geographic and network diversity for all/most of the auth
nameservers. Sure, nice if available, but seriously, man: Anything
that (e.g.) takes down the electric grid in _both_ Menlo Park _and_
Milpitas _and_ Oakland is going to cause a lot bigger worries than
my piddly little two domains' DNS. (And that's ignoring the secondary I
have in Texas.)
Making sure you're widely distributed around US/Canada is frankly
overkill unless you run a company with 'CDN' in its name.
'Super high capacity and bandwidth'? Make me laugh. Surely you are
aware that DNS daemons, even pigs like BIND9, barely load down a machine
at all. Unless every crimelord in Eastern Europe hates me all at once,
I am not going to need that on any of my auth. nameservers, let alone
all of them -- because my name doesn't have 'CDN' in it.
> oh, say, some folks's DNS servers running on some Raspberry Pis over
> some minimal ("slow", but today's standards) DSL links
[snip piling more problems onto this pathetic beginning, such
as the RPi also streaming lots of video]
Aw, c'mon. Isn't it stacking the deck more than a bit to assume that
some of your secondary nameserver admins are going to do moronic things
like deploying 24x7 Internet infrastructure onto an RPi and _also_
streaming video from it?
I don't know about you, but I take modest measures to omit utter loons
from my collection of secondaries. Wouldn't anyone? Wouldn't you?
> But heck, if *all* of the DNS servers were "no better than" (and about the
> same as) those Pi examples, then in such case then yes, still, 5 or 7 of
> such would be better than 3. So, yes, it *does* depend. ;-)
That's such a contrived example that I worry you must have hurt your
back, twisting around like that.
> And too, often the edge cases are where interesting/critical/important
> stuff happens,
I have a problem with third parties jumping in to digress onto immediate
crazed and verbose digression into weird and unlikely edge cases when
I'm trying to educate the public about an important general truth that
they really need to know -- because that interferes, pure and simple.
Doing that is going to justifiably annoy me, every time.
> So, ... I tend to call out exceptions when I see 'em
People who do that are, to be frank, a blight on the Internet. The
implicit assumption that I'm always and everywhere obliged to
painstakingly footnote, acknowledge, and document every conceivable
weird and unlikely exception before I'm allowed to teach people about a
vitally important and useful general truth (under pain of being
interrupted by 'exception' fanatics who are _not_ bothering to help
teach) is... well, it's bloody well mistaken, for starters, and also
goddamned impertinent.
You do not get a cookie for barging in and listing every possible weird
and unlikely exception. You will not get thanked. This being the
Internet, you will not see the eyes rolling, and you won't hear the
person whose explanation you interrupted with inane edge cases say
'Oh, f'crissakes, sod off', either.
You probably do think you're doing something meritorious when you do
that. Fine, go ahead and think that, but this is me saying all you're
really doing is being really goddamned annoying and making the person
attempting to teach general truths consider not bothering to try in the
future. I'm serious, by the way. It's not friendly, it's not
_actually_ constructive, and it's seriously annoying.
> So, ... yep, ... exceptions. ;-) DNS servers. More is better? ;-)
> Well, yes, *generally*, and ... even that, only to some certain point!
Oh, f'crissakes, sod off. (For once, not just sotto voce in my living
room.)
Sorry if that comes across as antagonistic, but I doubt you really have
any idea how irritating that sort of conduct is, and I'm trying to do
you a favour by articulating that.
- Previous message: [conspire] DNS & nameservers ... 13, 12, 11, 10, 9, 8, 7, 6, 5, 4, 3, 8-O ...
- Next message: [conspire] Servers and security
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the conspire
mailing list