[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers

Edward Lewis Ed.Lewis at neustar.biz
Thu May 22 12:32:35 UTC 2008

At 14:10 +0800 5/22/08, Joao Damas wrote:

>if DNSSEC was in use then the origin of the data wouldn't matter, and
>that includes the root zone.

During the incident, the data returned was coherent with the rest of 
the root servers, so the origin wasn't an issue.  (Harking back to 
why DNSSEC wasn't the solution to this incident.)

>stating that a system has certain properties does not imply some other
>system can not have the same properties, so your statement above can not
>imply that some other system can  not guarantee good working order

I never said that bureaucracy was the only way to go, not any 
guarantee.  And no email could ever contain a complete analysis 
recommending an approach - I am sure that there are many details I 
omitted.  Heck, bureaucracy is seen in a negative light because many 
set ups have been corrupt (political machines).

(My thoughts here are triggered by comparisons of the current and 
previous IP address allocation system.  Currently we have in place 
the RIRs and the formal agreements they require.  Compared to the Jon 
Postel informal agreements that now come to haunt us - and this 
incident being tied to the uncertainty of that era - the formalism of 
IP address assignment is a big win.)

Based on my knowledge of world history though, the trend is away from 
benevolent oligarchies and towards stodgy public institutions.

Edward Lewis                                                +1-571-434-5468

Never confuse activity with progress.  Activity pays more.

More information about the dns-operations mailing list