On 5-dec-03, at 17:16, Dean Anderson wrote:
Indeed, this is what they do when they agree to put the "national" root
nameservers in their own nameserver root configs. It is far easier to
have per-country stealth root slaves than it is to make every nameserver
the stealth slave of every other domain in that country.
I don't think this stealth business is a very good idea. If you want
root servers somewhere, use anycast. That means importing BGP problems
into the DNS, which is iffy enough as it is. But for a small network
island, just having a single set of resolvers and making sure those have
all the needed information isn't a huge deal. Obviously such a place
doesn't have a huge number of ISPs, so the number of DNS servers will be
quite limited in the first place.
Yet a stealth root is comparably easy:
You just tell your nameserver operators to configure in the IP addresses
for your national root servers, instead of the "official" root servers.
So I have to trust these fake roots 100%: not only that they don't
change the root zone, but also that they're always up to date and never
down. Tall order. An official anycast setup is much better: updates are
done the way they should be (last year when I wrote an article I
checked this: there is no policy anywhere on access to the root
zonefile. You can download it through FTP or even do a zone transfer in
a few places, but nothing official) and when your local root clone is
down there should be at least 12 others elsewhere.
Indeed, it is probably sensible for ISPs to do the same. This would keep
things working internally in the event of an effective isolation due to a
DOS attack, for example.
I think what we need to really solve this is a redesign of the DNS, as
the way it is now it breaks a fundamental design principle of the
internet: when two nodes have reachability, they should be able to
communicate, regardless of what else is (un)reachable. (I'm not
volunteering, though.)
I've been in a situation where root servers were unavailable for the
better part of a day, and it's pretty frustrating to see your resolver
cache disappear over time so you can no longer reach places to which
you still have connectivity.
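The cache-decay situation described in this exchange, as an added illustration that is not part of the original thread or anyone's posted code: a toy iterative resolver with a TTL cache, a constructed set of "root" server addresses, one constructed delegation (example. to ns.example.) and one constructed A record. All names and addresses are made up for the example. It shows that once the outside root servers become unreachable, the resolver keeps answering only until the cached record's TTL runs out, even though the authoritative server for the name is still reachable inside the island; with a locally served copy of the root zone (a stealth slave or a local anycast instance, the example does not distinguish the two) resolution keeps working. The example assumes the authoritative servers for the names in question are themselves reachable, and does not model an intermediate TLD level.

```python
"""Toy resolver showing why a resolver cache "disappears over time" once the
root servers are unreachable. Everything here is constructed for the example:
the root server address is a documentation-range address, not a real root."""

from dataclasses import dataclass, field

# Constructed data: the "official" roots as seen from our island, one root-zone
# delegation, and the records served by the delegated name server (with TTLs).
ROOT_SERVERS = ["198.51.100.1"]
ROOT_ZONE = {"example.": ("ns.example.", "192.0.2.53")}     # zone -> (ns name, ns address)
AUTH = {"192.0.2.53": {"www.example.": ("192.0.2.80", 300)}}  # ns address -> name -> (A, TTL)


@dataclass
class Resolver:
    reachable: set                 # addresses this network island can currently reach
    local_root: bool = False       # True: a local copy of the root zone is served inside the island
    cache: dict = field(default_factory=dict)  # name -> (address, expires_at)

    def _query_root(self, name):
        """Return the address of the delegated name server for `name`,
        or None when no root (remote or local) can be consulted."""
        if not self.local_root and not any(r in self.reachable for r in ROOT_SERVERS):
            return None
        for zone, (_ns_name, ns_addr) in ROOT_ZONE.items():
            if name.endswith(zone):
                return ns_addr
        return None

    def resolve(self, name, now):
        """Answer from cache while the TTL lasts, otherwise walk from the root."""
        hit = self.cache.get(name)
        if hit and hit[1] > now:
            return hit[0]
        ns_addr = self._query_root(name)
        if ns_addr is None or ns_addr not in self.reachable:
            return None                      # cannot find or reach the delegated server
        rec = AUTH.get(ns_addr, {}).get(name)
        if rec is None:
            return None
        addr, ttl = rec
        self.cache[name] = (addr, now + ttl)
        return addr


def scenario(local_root):
    """Resolve www.example. with everything up (t=0), then cut the island off
    from the outside roots and resolve again at t=100 and t=400 (TTL is 300).
    Returns the three answers; None means resolution failed."""
    r = Resolver(reachable={"198.51.100.1", "192.0.2.53", "192.0.2.80"},
                 local_root=local_root)
    before = r.resolve("www.example.", now=0)
    r.reachable.discard("198.51.100.1")   # roots gone; ns.example. is still reachable
    return before, r.resolve("www.example.", 100), r.resolve("www.example.", 400)


if __name__ == "__main__":
    print("remote roots only:", scenario(local_root=False))
    print("local root copy:  ", scenario(local_root=True))
```

With remote roots only, the third answer is None: the cached record expired and the resolver cannot restart the walk, although the host and its name server are reachable. With a local root copy the walk restarts and the same name still resolves.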