
On Sat, 9 Jul 2005, Jay R. Ashworth wrote:
I'm going to dive in one more time here.
It's not the *root* operators that are the problem -- it's the *TLD* zone operators.
Oh, I can certainly agree with that; we've seen some gross abuses of TLDs documented in gory detail right here on the NANOG list. Of course, that too is orthogonal to who provides the delegations in "." -- except that perhaps some misguided souls are, as is relatively common, confusing the two realms.
Introducing fragmented TLDs or the opportunity to supplant the common TLDs places the DNS infrastructure at risk. This is not just FUD -- DNS hijacking in alternate roots has already happened. (But if you had actually read RFC2826, you would already understand this.)
"infrastructure at risk". Justify this *far-reaching* statement, please. Show your work.
AlterNIC overriding .COM and .NET listings, one of the issues leading to its demise. (This was done in addition to the more memorable cache poisoning attacks against INTERNIC.NET.) The risk is uncertainty of name resolution, as the root zone can in fact override N-level records simply by possessing a more specific name. Root servers are queried for the full host (but respond with the NS glue delegation), not just the first component, which allows for such overriding.
Oh wait, your name wouldn't *actually* be Jim Fleming, would it?
<chuckle>
Well, at least some folks remember. 8-)

-- 
-- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>
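
Added example, not part of the original thread: the reply above describes root zone data that carries a more specific name than a TLD delegation. One way to check a copy of a root zone for such entries is to flag every owner name deeper than a TLD that is not address glue for a delegated name server. The zone text, names and addresses are constructed, and the parser assumes one fully written record per line.

```python
# Constructed sample of a root zone copy (placeholder names, documentation addresses).
SAMPLE_ZONE = """\
.                      86400  IN SOA a.root.example. admin.root.example. 1 1800 900 604800 86400
.                      86400  IN NS  a.root.example.
com.                   172800 IN NS  a.tld-servers.example.
net.                   172800 IN NS  a.tld-servers.example.
a.tld-servers.example. 172800 IN A   192.0.2.1
a.root.example.        86400  IN A   192.0.2.2
www.example.com.       3600   IN A   192.0.2.66   ; host record below a TLD
shop.net.              3600   IN NS  ns.other.example.  ; second-level delegation
"""

def parse(zone_text):
    """Return (owner, type, rdata) tuples from 'owner ttl class type rdata' lines."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments
        if not line:
            continue
        owner, _ttl, _rrclass, rrtype, *rdata = line.split()
        records.append((owner.lower(), rrtype.upper(), [r.lower() for r in rdata]))
    return records

def depth(name):
    """Number of labels: '.' is 0, 'com.' is 1, 'www.example.com.' is 3."""
    return len([label for label in name.rstrip(".").split(".") if label])

def audit_root_zone(zone_text):
    """Flag records below TLD level that are not glue for a root or TLD NS target."""
    records = parse(zone_text)
    ns_targets = {rdata[0] for owner, rrtype, rdata in records
                  if rrtype == "NS" and depth(owner) <= 1}
    findings = []
    for owner, rrtype, rdata in records:
        if depth(owner) <= 1:
            continue                       # root apex or TLD-level record
        if rrtype in ("A", "AAAA") and owner in ns_targets:
            continue                       # address glue for a delegated server
        findings.append((owner, rrtype, " ".join(rdata)))
    return findings

if __name__ == "__main__":
    for finding in audit_root_zone(SAMPLE_ZONE):
        print("more specific than a TLD delegation:", *finding)
```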