[dns-operations] The (very) uneven distribution of DNS root servers on the Internet

paul vixie paul at redbarn.org
Thu May 17 13:39:44 UTC 2012


On 5/17/2012 1:21 PM, Andrew Sullivan wrote:
> ... I think this would happen to the root zone, too, and that seems
> worse than just one ccTLD. Encouraging random people to keep local
> copies of the root without anyone knowing about it is almost certainly
> an excellent way to cause more DNS failures.

i think we have to admit that this kind of thing is going to happen, and
document a best practice. if you want to wrap that in advice of the form
"this is probably not what you want to do, for reasons X Y Z, but if
you're going to do it, here's how" then that's fine by me.

the dns data path is now hotly contested. everybody who's anybody wants
to get into it, either for data mining, ad insertion, piracy prevention,
or whatever. the world will respond to this by outsourcing less of their
resolution. we can't pretend otherwise; i at least think this is the
healthy and right response.

the rootops can be trusted. $dayjob is one; i know the others; i KNOW
the rootops can be trusted. however, the queries sent to root server
addresses will often not arrive at root servers, thanks to policy
routing and great firewalls. the way to ensure that more people get real
answers may indeed be widespread root zone stealth slavery.

i realize that this will just move the game down-level to the tld's, and
that there's no way enough people can slave enough of those to make a
permanent difference. but by the time that part of the game is playing
out, i'm hoping for relevant penetration levels of dnssec.

-- 
"I suspect I'm not known as a font of optimism." (VJS, 2012)
