[dns-operations] renesys blog: Identity Theft Hits the Root Name Servers

[Joe Abley]

On 22 May 2008, at 10:31, David Conrad wrote:

> On May 21, 2008, at 11:20 PM, Kurt Erik Lindqvist wrote:
>
>> Given how rare a renumbering event is, I doubt we have a problem to
>> solve in the first place.
>
> We have just had an experience proof that it is a problem.  I'm not
> sure how anyone benefits from pretending that problem doesn't exist.

When taking about the situation that started this thread, I think it's  
important to differentiate between operational problems which caused  
failures for clients, potential operational problems which could have  
caused problems for clients, and policy problems which might one day  
lead to operational distress for someone.

As best as I can tell (not having consciously sent queries to old-L or  
looked in a routing table for its address myself) there has been no  
actual operational problem. There has been the potential operational  
problems (e.g. potential for EP.Net or Community DNS to serve a  
different zone from a server bound to old-L's address; operational  
confusion in problem escalation; I'm sure there are many other  
examples). It seems to me that there's a policy problem, but since  
this is an operations list that seems off-topic, here.

So, in practical, operatioal, user-experience terms, "there is no  
problem now" doesn't seem too far from the mark.

If what we're talking about is engineering solutions to potential  
future problems, we should be clear about that, since the urgency of  
the problem at hand has an influence on the engineering compromises  
that are chosen in response to it.


Joe