[dns-operations] The (very) uneven distribution of DNS root servers on the Internet

Andrew Sullivan ajs at anvilwalrusden.com
Thu May 17 13:21:33 UTC 2012


On Wed, May 16, 2012 at 08:52:26PM -0400, Joe Abley wrote:
> 
> All the possible outcomes I can think of that lie in this direction
> wind up with pockets of broken DNS due to infrastructure that none
> of the current operators can identify, and failures that affect only
> a subset of users so that a fix is not necessarily obvious.
 
I agree with Joe.  When I worked at a TLD registry company, we had a
very similar case occur when a large ISP in one country was slaving
the cc TLD zone for that country, and we didn't know it.  We made some
infrastructure changes, and their slave stopped getting up-to-date
copies of the zone, but they didn't check their logs.  Months later,
we started getting complaints about updates not propagating to the
zone; it was, of course, that that ISP had a months-old copy of the
zone.  It took a long time to figure out what the problem was, because
we had no idea that this was going on.  This particular incident
sticks in my mind because it affected so many people (one of whom was
some minister's brother or something, which of course made it all much
worse), but I remember more than one such incident happening.    

I think this would happen to the root zone, too, and that seems worse
than just one ccTLD.  Encouraging random people to keep local copies
of the root without anyone knowing about it is almost certainly an
excellent way to cause more DNS failures.

Best,

A

-- 
Andrew Sullivan
ajs at anvilwalrusden.com


