[dns-operations] glitch on [ip6|in-addr].arpa?
warren at kumari.net
Fri Oct 11 20:07:21 UTC 2019
On Fri, Oct 11, 2019 at 9:00 PM Joe Abley <jabley at hopcount.ca> wrote:
> On 11 Oct 2019, at 14:21, Paul Vixie <paul at redbarn.org> wrote:
> > in the earlier days of DNS-OARC (where dnsviz migrated to recently),
> there was a server at cogent, which was not reachable over IPv6 from users
> are hurricane. i don't remember anybody blaming hurricane for this, which
> is why it seems odd to blame cogent today when DNS-OARC is hosted at
> hurricane. hurricane has transit for their IPv4 network but not for their
> IPv6 network. cogent's peering policy isn't fully "open." it's hard for me
> to see that either of them is "in the wrong."
> For me, too. People need to put their pitchforks away.
> The root server system as a whole accomplishes this kind of redundancy in
> connectivity by having multiple root servers that are each
> differently-connected to the Internet. Many of those individual root
> servers are further distributed across multiple connectivity providers
> using anycast. C is one that is not, but since it's an active goal of the
> system as a whole to be diverse it's hard to see that as a problem. I
> guarantee that there are attack scenarios where having all the anycast
> nodes (and hence the attack traffic) in one AS is going to be an advantage
> for measurement, or mitigation, or something.
> There is a ridiculous amount of diversity in this system precisely so that
> nobody has to lose any hair when one (or even many) specific components are
> not reachable.
> What some people are seeing in this thread as a problem is actually a nice
> demonstration that the system as a whole is immune to damage due to
> partial-table peering disagreements.
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the dns-operations