[dns-operations] The (very) uneven distribution of DNS root servers on the Internet

Paul Vixie paul at redbarn.org
Sat May 19 17:25:38 UTC 2012


On 2012-05-17 5:08 PM, Andrew Sullivan wrote:
> On Thu, May 17, 2012 at 01:39:44PM +0000, paul vixie wrote:
>> i realize that this will just move the game down-level to the tld's,
> If I read you correctly, in military terms you are arguing there for a
> retreat to a location that is itself not securable, and …

no. (you're not reading me correctly, or at least, that is not a correct
restatement.)

>> ... but by the time that part of the game is playing
>> out, i'm hoping for relevant penetration levels of dnssec.
> … then arguing that the hoped-for availability of a future tactical
> advantage will mean that the location you just gave up would have held
> anyway.  I think I disagree with the strategy.

i would too, if that strategy had been proposed.

now that we're apparently done arguing about the other proposal nobody
had made (which was "encouraging route hijacking or policy routing to
answer root server queries locally") let's summarily dismiss this
proposal which nobody has made, too. (noting, this isn't an ietf mailing
list nor usenet, yet here we are spending a week arguing about proposals
nobody has made rather than trying to discover what proposal has
actually been made.)

it's not practical or allowed by ACL to stealth-slave for COM, NET, ORG,
or the larger CCTLD's. that makes the problems solved by stealth slavery
unsolvable at the second level. which does not invalidate the arguments
for doing it at the root zone level, where it is practical, and where it
will be a perceived good and may also be an actual good, and which is
non-preventible in any case, and which is happening today at some scale
but without any recommendations in the form of an FYI or BCP RFC.

paul



More information about the dns-operations mailing list