[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers

Kurt Erik Lindqvist kurtis at kurtis.pp.se
Wed May 21 08:48:40 UTC 2008

On 21 maj 2008, at 09.43, Michael Sinatra wrote:

> Kurt Erik Lindqvist wrote:
>> On 20 maj 2008, at 21.29, David Conrad wrote:
>>> On May 20, 2008, at 12:21 PM, Randy Bush wrote:
>>>>> So why not memorialize a set of "golden" /32s and /128s in a BCP  
>>>>> and
>>>>> be done with it?  No more root hints file.  Yay!
>>>> moving the root hints file to pdf will help exactly how?  :)/2
>>> It would be fixed in code.  Think of it like the fixing in code of  
>>> the
>>> port number for the DNS protocol.  The root server addresses,  
>>> because
>>> of their unique requirements due to bootstrapping, would become
>>> (should have been defined as) part of the protocol.
>> If we are fixing something in code, then one /32 anycasted would  
>> be  enough, no?

I'll first note that irony travels badly in email.

> Not if the nearest server or cluster suffered a failure that  
> prevented it from answering queries but didn't take it out of the  
> routing table. Everyone in the catchment of that server would be  
> affected.  If, after bootstrapping, caching resolvers were given  
> multiple IP addresses for the root (and those service addresses were  
> not part of the same anycast cloud), then such a failure would only  
> affect a caching resolver on start-up, but if you stick with the  
> single /32 after bootstrapping, then you're really asking for it.   
> We should still have 2 or more addresses hardcoded so that such a  
> failure could be mitigated by the client doing its own failover to  
> another address, and those 2 or more addresses should be part of  
> different anycast clouds.
> I am still wondering if there is enough breakage here to warrant the  
> level of fix being proposed.

That statement I would agree with.

- kurtis -

More information about the dns-operations mailing list