<div><br></div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Oct 11, 2019 at 9:00 PM Joe Abley <<a href="mailto:jabley@hopcount.ca">jabley@hopcount.ca</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 11 Oct 2019, at 14:21, Paul Vixie <<a href="mailto:paul@redbarn.org" target="_blank">paul@redbarn.org</a>> wrote:<br>
<br>
> in the earlier days of DNS-OARC (where dnsviz migrated to recently), there was a server at cogent, which was not reachable over IPv6 from users are hurricane. i don't remember anybody blaming hurricane for this, which is why it seems odd to blame cogent today when DNS-OARC is hosted at hurricane. hurricane has transit for their IPv4 network but not for their IPv6 network. cogent's peering policy isn't fully "open." it's hard for me to see that either of them is "in the wrong."<br>
<br>
For me, too. People need to put their pitchforks away.<br>
<br>
The root server system as a whole accomplishes this kind of redundancy in connectivity by having multiple root servers that are each differently-connected to the Internet. Many of those individual root servers are further distributed across multiple connectivity providers using anycast. C is one that is not, but since it's an active goal of the system as a whole to be diverse it's hard to see that as a problem. I guarantee that there are attack scenarios where having all the anycast nodes (and hence the attack traffic) in one AS is going to be an advantage for measurement, or mitigation, or something.<br>
<br>
There is a ridiculous amount of diversity in this system precisely so that nobody has to lose any hair when one (or even many) specific components are not reachable.<br>
<br>
What some people are seeing in this thread as a problem is actually a nice demonstration that the system as a whole is immune to damage due to partial-table peering disagreements.</blockquote><div dir="auto"><br></div><div dir="auto">Indeed.</div><div dir="auto">W</div><div dir="auto"><br></div><div dir="auto"><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
Joe<br>
<br>
<br>
_______________________________________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net" target="_blank">dns-operations@lists.dns-oarc.net</a><br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>
</blockquote></div></div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">I don't think the execution is relevant when it was obviously a bad idea in the first place.<br>This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants.<br> ---maf</div>