[dns-operations] dns-operations Digest, Vol 36, Issue 8

Martin Hannigan hannigan at gmail.com
Wed Jan 14 16:59:35 UTC 2009


On 1/14/09, dns-operations-request at lists.dns-oarc.net
<dns-operations-request at lists.dns-oarc.net> wrote:
> Send dns-operations mailing list submissions to
> 	dns-operations at lists.dns-oarc.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> or, via email, send a message with subject or body 'help' to
> 	dns-operations-request at lists.dns-oarc.net
>
> You can reach the person managing the list at
> 	dns-operations-owner at lists.dns-oarc.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of dns-operations digest..."
>
>
> Today's Topics:
>
>    1. Re: i've got a conflict of interest,	can a non-implementor
>       answer this? (Paul Lustgraaf)
>    2. Re: i've got a conflict of interest,	can a non-implementor
>       answer this? (Paul Vixie)
>    3. Re: i've got a conflict of interest, can a non-implementor
>       answer this? (Eric Brunner-Williams)
>    4. Re: i've got a conflict of interest,	can a non-implementor
>       answer this? (Olaf Kolkman)
>    5. Re: i've got a conflict of interest, can a non-implementor
>       answer this? (Edward Lewis)
>    6. Re: i've got a conflict of interest,	can a non-implementor
>       answer this? (Warren Kumari)
>    7. F Root question (Chris Cowherd)
>    8. Re: F Root question (Joe Abley)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 14 Jan 2009 08:06:52 CST
> From: Paul Lustgraaf <grpjl at iastate.edu>
> Subject: Re: [dns-operations] i've got a conflict of interest,	can a
> 	non-implementor answer this?
> To: dns-operations at mail.dns-oarc.net
> Message-ID: <200901141406.IAA23814 at rv.its.iastate.edu>
>
>
> On Tue, Jan 13, 2009 at 11:34 PM, Paul Vixie <vixie at isc.org> wrote:
>> anything i might say would be seen as self serving, so i hope that others
>> here who are not DNS implementors will add professionally worded comments
>> to this article explaining your views about the need for critical
>> infrastructure to have some open source mixed into it.
>
> In my 36 years in the industry, it has been my experience that open source
> products have consistently been more reliable and more secure than
> proprietary products.  Anyone claiming otherwise has the burden of
> proof placed squarely on their shoulders.  Extraordinary claims require
> extraordinary proof.
>
>
> Paul Lustgraaf                   "Change is inevitable.  Progress is not."
> Network Engineer
> Iowa State University Information Technology Services    grpjl at iastate.edu
> Ames, IA  50011                                               515-294-0324
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 14 Jan 2009 15:12:24 +0000
> From: Paul Vixie <vixie at isc.org>
> Subject: Re: [dns-operations] i've got a conflict of interest,	can a
> 	non-implementor answer this?
> To: Paul Lustgraaf <grpjl at iastate.edu>
> Cc: dns-operations at mail.dns-oarc.net
> Message-ID: <80321.1231945944 at nsa.vix.com>
>
>> > anything i might say would be seen as self serving, so i hope that
>> > others
>> > here who are not DNS implementors will add professionally worded
>> > comments
>> > to this article explaining your views about the need for critical
>> > infrastructure to have some open source mixed into it.
>>
>> In my 36 years in the industry, it has been my experience that open
>> source products have consistently been more reliable and more secure than
>> proprietary products.  Anyone claiming otherwise has the burden of proof
>> placed squarely on their shoulders.  Extraordinary claims require
>> extraordinary proof.
>
> while i agree, i want to say, again, that the web site where that article
> appeared will be read mostly by people not on this mailing list, and if you
> want your comments to be seen by that article's primary audience, then you
> will have to enter your comments at that web site.
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 14 Jan 2009 10:14:09 -0500
> From: Eric Brunner-Williams <brunner at nic-naa.net>
> Subject: Re: [dns-operations] i've got a conflict of interest, can a
> 	non-implementor answer this?
> To: dns-operations at mail.dns-oarc.net
> Message-ID: <496E0141.8060206 at nic-naa.net>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Apparently GCN isn't taking comments. The site has a comment cgi, but
> approval is either wicked slow or off for the duration.
>
> Paul Vixie wrote:
>> in http://gcn.com/articles/2009/01/12/dns-requires-a-layered-approach.aspx
>> we
>> see the following exchange:
>>
>> 	"GCN: BIND, which is the most widely used DNS server, is open
>> 	source.  How safe are the latest versions of it?
>>
>> 	TOVAR: For a lot of environments, it is perfectly suitable. But in
>> 	any mission-critical network in the government sector, any
>> 	financial institution, anything that has the specter of identity
>> 	theft or impact on national security, I think using open source is
>> 	just folly."
>>
>> anything i might say would be seen as self serving, so i hope that others
>> here who are not DNS implementors will add professionally worded comments
>> to this article explaining your views about the need for critical
>> infrastructure to have some open source mixed into it.
>
>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 14 Jan 2009 16:24:56 +0100
> From: Olaf Kolkman <olaf at NLnetLabs.nl>
> Subject: Re: [dns-operations] i've got a conflict of interest,	can a
> 	non-implementor answer this?
> To: Andy Kosela <akosela at andykosela.com>
> Cc: vixie at isc.org, dns-operations at mail.dns-oarc.net
> Message-ID: <53966082-D71C-4D59-8926-D833CA347D2D at NLnetLabs.nl>
> Content-Type: text/plain; charset="us-ascii"; Format="flowed";
> 	DelSp="yes"
>
>
> On Jan 14, 2009, at 10:07 AM, Andy Kosela wrote:
>
>>
>> Anyone who is doubting the strength of BIND should take a look at what
>> root servers are running.
>>
>>  http://en.wikipedia.org/wiki/Root_nameserver
>
>
> A self serving clarification:
>
> s/BIND/Open Source/  in the above sentence would stress the point even
> more.
>
> :-)
>
> --Olaf
>
>
>
> -----------------------------------------------------------
> Olaf M. Kolkman                        NLnet Labs
>                                         Science Park 140,
> http://www.nlnetlabs.nl/               1098 XG Amsterdam
>
> NB: The street at which our offices are located has been
> renamed to the above.
>
>
>
>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 14 Jan 2009 10:31:55 -0500
> From: Edward Lewis <Ed.Lewis at neustar.biz>
> Subject: Re: [dns-operations] i've got a conflict of interest, can a
> 	non-implementor answer this?
> To: dns-operations at mail.dns-oarc.net
> Cc: ed.lewis at neustar.biz
> Message-ID: <a06240802c593b537a71f@[10.31.201.29]>
> Content-Type: text/plain; charset="us-ascii" ; format="flowed"
>
> At 23:34 +0000 1/13/09, Paul Vixie wrote:
>
>>anything i might say would be seen as self serving, so i hope that others
>>here who are not DNS implementors will add professionally worded comments
>>to this article explaining your views about the need for critical
>>infrastructure to have some open source mixed into it.
>
> It is true that Paul speaking would be self-serving, albeit justified
> by someone else making self-serving comments (which is the life bread
> of industry trade publications), "professionally worded comments"
> from satisfied customers do carry a lot more weight.
>
> --
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Edward Lewis
> NeuStar                    You can leave a voice message at +1-571-434-5468
>
> Never confuse activity with progress.  Activity pays more.
>
>
> ------------------------------
>
> Message: 6
> Date: Wed, 14 Jan 2009 11:05:56 -0500
> From: Warren Kumari <warren at kumari.net>
> Subject: Re: [dns-operations] i've got a conflict of interest,	can a
> 	non-implementor answer this?
> To: Paul Lustgraaf <grpjl at iastate.edu>
> Cc: dns-operations at mail.dns-oarc.net
> Message-ID: <A28B18D2-08BB-4B02-A056-470950BB1C88 at kumari.net>
> Content-Type: text/plain; charset="us-ascii"; Format="flowed";
> 	DelSp="yes"
>
>
> On Jan 14, 2009, at 9:06 AM, Paul Lustgraaf wrote:
>
>>
>> On Tue, Jan 13, 2009 at 11:34 PM, Paul Vixie <vixie at isc.org> wrote:
>>> anything i might say would be seen as self serving, so i hope that
>>> others
>>> here who are not DNS implementors will add professionally worded
>>> comments
>>> to this article explaining your views about the need for critical
>>> infrastructure to have some open source mixed into it.
>>
>> In my 36 years in the industry, it has been my experience that open
>> source
>> products have consistently been more reliable and more secure than
>> proprietary products.  Anyone claiming otherwise has the burden of
>> proof placed squarely on their shoulders.  Extraordinary claims
>> require
>> extraordinary proof.
>
> No, they don't, they just need a little bit of fear mongering,
> misinformation and vague appeals to patriotism / morals.
>
> Some of the more absurd comments from  random sales people I have run
> into over the years:
> "Well, you need a commercial product so you can transfer liability if
> there is an issue..." (Oddly enough, it turns out that the vendor
> wouldn't actually accept any liability... Weird).
> "With so many people having access to the code, how do you know that
> no-one has hidden a trojan in it?!"
> "If it were any good, it would be a commercial product and not just
> some toy OS that geeks play with -- you get what you pay for".
> "Our company has a whole team of highly paid researchers that run
> security audits on $product. Our security team found and fixed 18
> serious vulnerabilities in the last 6 months alone.
> $open_source_alternative hasn't fixed ANY!"
>
> and my two favorites (both of these happened to be about Apache):
> "I heard that the terrorist are using Apache servers to coordinate
> missions."
> and, while pointing to some bar chart (which exactly matched market
> share):
> "As you can see from our research, much more of the child pornography
> is hosted on Apache than on $product".
>
> Sometimes I despair...
> W
>
>
>>
>>
>>
>> Paul Lustgraaf                   "Change is inevitable.  Progress is
>> not."
>> Network Engineer
>> Iowa State University Information Technology Services    grpjl at iastate.edu
>> Ames, IA  50011
>> 515-294-0324
>
>   --
> "I think it would be a good idea."
> - Mahatma Gandhi, when asked what he thought of Western civilization
>
>
>
> ------------------------------
>
> Message: 7
> Date: Wed, 14 Jan 2009 08:27:11 -0800
> From: Chris Cowherd <Chris.Cowherd at enom.com>
> Subject: [dns-operations] F Root question
> To: "dns-operations at mail.dns-oarc.net"
> 	<dns-operations at mail.dns-oarc.net>
> Message-ID:
> 	<6CDE22DE80A63A4DACF4FE2C916519A53F015D2254 at BLV11EXVS01.corp.dm.local>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Good day everyone.  We are building out a new authoritative DNS
> infrastructure and my systems engineering director had a question I didn't
> necessarily know the answer to.  Could someone be so kind to point me in the
> right direction?
>
>
> " F Root, operated by ISC, has 2 "global" nodes (one in SF and one in Palo
> Alto); and the remaining 44 nodes are dubbed "local".
>
> What functions do the global servers perform that the local ones do not.
> I.e., what is the functional difference between the two? "
>
>
> Thanks
>
>
> chris cowherd    |    vice president, research
> __________________________________
> eNom, Inc., a Demand Media company
> 15801 NE 24th St.
> Bellevue, WA 98008
> chris.cowherd at demandmedia.com
>
>
>
>
> ------------------------------
>
> Message: 8
> Date: Wed, 14 Jan 2009 11:39:12 -0500
> From: Joe Abley <jabley at hopcount.ca>
> Subject: Re: [dns-operations] F Root question
> To: Chris Cowherd <Chris.Cowherd at enom.com>
> Cc: "dns-operations at mail.dns-oarc.net"
> 	<dns-operations at mail.dns-oarc.net>
> Message-ID: <005F99CD-E071-4199-84CD-BF841CFDF65F at hopcount.ca>
> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
>
> Hi Chris,
>
> On 14 Jan 2009, at 11:27, Chris Cowherd wrote:
>
>> Good day everyone.  We are building out a new authoritative DNS
>> infrastructure and my systems engineering director had a question I
>> didn't necessarily know the answer to.  Could someone be so kind to
>> point me in the right direction?
>>
>>
>> " F Root, operated by ISC, has 2 "global" nodes (one in SF and one
>> in Palo Alto); and the remaining 44 nodes are dubbed "local".
>>
>> What functions do the global servers perform that the local ones do
>> not.  I.e., what is the functional difference between the two? "
>
> The "global" and "local" distinction relates to how the service is
> distributed using anycast. The distinction was something I made up
> when I wrote ISC-TN-2003-1, and which Kurtis and I used again when we
> wrote RFC 4786.
>
> There is no functional difference between any of the various nodes of
> F -- they all answer identically. The difference is only in the client
> base. Local nodes serve a local set of clients (for some topological
> meaning of "local"); global nodes serve, potentially, the whole
> Internet.
>
> See <http://ftp.isc.org/isc/pubs/tn/isc-tn-2003-1.txt>.
>
>
> Joe
>
>
>
> ------------------------------
>
>
>
> End of dns-operations Digest, Vol 36, Issue 8
> *********************************************
>


