[dns-operations] FreeBSD and the slaving of the root zone

David Conrad drc at virtualized.org
Tue Jul 31 19:22:48 UTC 2007


On Jul 31, 2007, at 11:42 AM, Roland Dobbins wrote:
>> a) an attack against the root.  If you have slaved the root, you
>> (and your customers that you provide service to) are less impacted.
> I don't know if I agree with this.  Attacks against the actual roots
> themselves to date ...

I don't disagree that root attacks to date have been largely
ineffective, but "past results do not guarantee future performance."
Given the vast numbers of botnets (both voluntary and involuntary),
it isn't immediately clear to me that any centralized resource is not
subject to overwhelming attack. I believe the only real mitigation
to this sort of stuff is decentralization.

> So, if folks are interested in further decentralization of the roots,
> why not pony up and become a no-BS root instance operator, rather
> than running a 'poor-man's' root instance?

For one thing, unless you want to play routing games and steal
prefixes, it requires coordination with a root server operator. An
advantage to slaving the root is that you don't have to coordinate
with anyone (assuming open zone transfer).


