On Sun, 02 Oct 2011 17:30:37 EDT, Todd Underwood said:
2) can any root server operator who serves data inside of china verify that the data that they serve have not been rewritten by the great firewall?
DNSSEC should help this issue dramatically. This however could be problematic if the Chinese govt (or any repressive regime) decides to ban the use of technology that allows a user to identify when they're being repressed.
3) does ISC (or <Insert Root Operator Here>) have a plan for monitoring route distribution to ensure that this doesn't happen again (without prompt detection and mitigation)?
Leaked routes happen External monitors and looking glasses and filters and communities are all things we should probably be doing more of, in order to minimize routing bogosity. But when all is said and done, there's no real way to have a dynamic routing protocol like BGP and at the same time *guarantee* that some chucklehead NOC monkey won't bollix things up. At best, we'll be able to get to "less than N brown-paper-bag moments per Tier-[12] per annum" for some value of N.