[dns-operations] glitch on [ip6|in-addr].arpa?

Warren Kumari warren at kumari.net
Fri Oct 11 20:07:21 UTC 2019


On Fri, Oct 11, 2019 at 9:00 PM Joe Abley <jabley at hopcount.ca> wrote:

> On 11 Oct 2019, at 14:21, Paul Vixie <paul at redbarn.org> wrote:
>
> > in the earlier days of DNS-OARC (where dnsviz migrated to recently),
> there was a server at cogent, which was not reachable over IPv6 from users
> are hurricane. i don't remember anybody blaming hurricane for this, which
> is why it seems odd to blame cogent today when DNS-OARC is hosted at
> hurricane. hurricane has transit for their IPv4 network but not for their
> IPv6 network. cogent's peering policy isn't fully "open." it's hard for me
> to see that either of them is "in the wrong."
>
> For me, too. People need to put their pitchforks away.
>
> The root server system as a whole accomplishes this kind of redundancy in
> connectivity by having multiple root servers that are each
> differently-connected to the Internet. Many of those individual root
> servers are further distributed across multiple connectivity providers
> using anycast. C is one that is not, but since it's an active goal of the
> system as a whole to be diverse it's hard to see that as a problem. I
> guarantee that there are attack scenarios where having all the anycast
> nodes (and hence the attack traffic) in one AS is going to be an advantage
> for measurement, or mitigation, or something.
>
> There is a ridiculous amount of diversity in this system precisely so that
> nobody has to lose any hair when one (or even many) specific components are
> not reachable.
>
> What some people are seeing in this thread as a problem is actually a nice
> demonstration that the system as a whole is immune to damage due to
> partial-table peering disagreements.


Indeed.
W



>
> Joe
>
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>
-- 
I don't think the execution is relevant when it was obviously a bad idea in
the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair of
pants.
   ---maf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20191011/e0d096f2/attachment-0001.html>


More information about the dns-operations mailing list