[Longish diatribe. I just use my share of bandwidth here in larger packets. I hope you will consider S/N large enough]

At 04:51 PM 10/23/2002, Joe Patterson wrote:
> would it cause problems, and more importantly would it solve potential problems, to put some/most/all of the root servers (and maybe gtld-servers too) into an AS112-like config? .... Is it a problem that's even worth looking at?

It is definitely worth exploring. As David Conrad pointed out, the technology is there. Also it is very appealing in terms of DDoS resistance and general distributedness that works so well for the Internet.

> Is it a solution that's worse (for some reason I haven't noticed yet) than the problem?

The problem is making absolutely sure that the root zone that is served is authentic. For AS112 this is not really important because the queries it syphons off are all bogus anyways. So I could not care less if they received bogus answers. For the root this is an entirely different matter!

Of course if we had DNSSEC widely deployed it would be a no-brainer. But I am afraid that is going to take a long time; I hope it happens before DNS itself becomes obsoleted.

So with the lack of DNS security the problem could be mitigated by routing security, i.e. one could have some trust in the place the information comes from instead of having the information itself authenticated. However there is no such thing as routing security either.

The best we can do in the absence of pertinent security technology is to try to distribute things carefully; always making sure that ISPs, and end-users if they wish, have current and usable information to determine themselves which DNS servers and which routes to them they trust. While doing this we also must maintain clearly the responsibility of the server operators to serve the authentic unique root zone and to provide a consistent service with good performance.

At the same time there is the ever increasing number of self-appointed people suggesting to run root servers for a variety of motives, usually even good intentions; however with the potential to change the content of the root zone *without accountability* or even without telling the users of those servers.

Those who know me will testify that I am a very grass roots, bottom-up oriented person suspicious of centralisation and hierarchies. But the prospect of having multiple differing instances of the root zone in the Internet makes me very uncomfortable. In fact it would mean that we will have no Internet any longer but different networks, that one cannot trust any longer that a hyperlink will end up in a single place, that a server is really the one one intends to talk to etc. pp.

Unfortunately we do not have the security technologies deployed yet that will alleviate this problem. So we have to keep things together for some time or end up with no Internet left.

Daniel