[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers
Ed.Lewis at neustar.biz
Wed May 21 18:08:01 UTC 2008

At 17:06 +0200 5/21/08, Stephane Bortzmeyer wrote:
>AFAIK, there is no process to do so. Simon Waters said "Presumably
>ICANN will drop them from the root zone" which is, at this time, pure
>supposition. Among the difficulties: what level of brokenness should a

Ok, I'll bite in a sarcastic tense - we have already seen the
effectiveness of dropping the (old) L root address from the hints
file. I.e., "drop them from the root zone" isn't an effective
punishment while we have devices that have static root hints.

>root name server exhibits before being deleted? Not replying at all
>(not a big problem in practice)? Replying NXDOMAIN to every request
>(*that* would be vicious)?

"Vicious" would be replying with data incoherent with the other
(ICANN) root servers. NXDOMAINs would probably be rewritten by an

Dropping into "old man" mode:

For a long while, a strength of the root server system was that it
had no head, no central control, no responsibility, nothing tying all
pieces together. No one could take it over, no one could dismantle
it. The disorganized manner gave it reliability.

I've had a career in bureaucracies. Bureaucracies have their
failings - they are centrally managed, faceless, and lack agility.
But there is a reason for their existence. They maintain continuity,
operate under public scrutiny and, with the exception of human abuse,
can impart fair treatment. They are the underpinning of the "rule of

My acceptance of the status quo with regards to the root server
system is somewhat uneasy because of the lack of bureaucracy. Forget
the chance that any of today's operators become rogue, do we know we
can trust the next generation, and the next? Root ops are hardly a
group of a coherent opinion, what happens when the friction is sharp

Perhaps we are coming to a point where the status quo root server
system ought to be rethought. Perhaps formalizing the relationships
is due. While the root server operators behave in a public trust,
they do so in a veiled society. As far as I know, meetings are not
open, they have no reviews of policies. While there are no problems
at hand, there is no reason to question the situation, but once there
is a problem someone will wonder who held the reins?

Edward Lewis +1-571-434-5468
Never confuse activity with progress. Activity pays more.