[dns-operations] Kaminsky: Protect IP Act Would Break DNS

Dobbins, Roland rdobbins at arbor.net
Sat Jul 16 13:42:37 UTC 2011

On Jul 16, 2011, at 7:29 PM, Joe Greco wrote:

> If we remain married to this idea of centralized control over recursion, that control is going to remain a tempting target for policymakers who
> want to impose a fix for their Big Problem Of The Day. 

I don't think that politicians wish to exert control over Internet behaviors because they understand that aggregated recursion points in the DNS are somewhat helpful in this regard.  I think they wish to exert control over Internet behaviors irrespective of technical/architectural considerations, and that if not DNS, the injection of more-specific prefixes in the routing table, mandated proxies, et al. will serve their ends just as well.

With regard to distributed recursion, the argument could be made that the great increase in the number of clients which authoritative servers must deal with on a regular basis would not necessarily be a welcome development, and that this model would add more complexity to clients which will complicate support and perhaps lend itself to exploitation by attackers.

I'm not saying that I'm necessarily opposed to more distributed recursion, but that it's probably a good idea to ensure we understand all the implications prior to pushing for change in this regard.

Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

		The basis of optimism is sheer terror.

			  -- Oscar Wilde
