[dns-operations] FreeBSD and the slaving of the root zone
drc at virtualized.org
Tue Jul 31 19:22:48 UTC 2007
On Jul 31, 2007, at 11:42 AM, Roland Dobbins wrote:
>> a) an attack against the root. If you have slaved the root, you
>> (and your customers that you provide service to) are less impacted.
> I don't know if I agree with this. Attacks against the actual roots
> themselves to date ...
I don't disagree that root attacks to date have been largely
ineffective, but "past results do not guarantee future performance."
Given the vast numbers of botnets (both voluntary and involuntary),
it isn't immediately clear to me that any centralized resource is not
subject to overwhelming attack. I believe the only real mitigation
to this sort of stuff is decentralization.
> So, if folks are interested in further decentralization of the roots,
> why not pony up and become a no-BS root instance operator, rather
> than running a 'poor-man's' root instance?
For one thing, unless you want to play routing games and steal
prefixes, it requires coordination with a root server operator. An
advantage to slaving the root is that you don't have to coordinate
with anyone (assuming open zone transfer).