ietf

Re: Root Anycast

2004-05-18 13:22:40
--On Tuesday, May 18, 2004 18:01:05 +0200 jfcm <info(_at_)utel(_dot_)net> wrote:

1. first target: distribution of the root machines through a root server
matrix and core network - 

Yes, this is already done. It works, even if it is not top-guided as you
envision.

containing local root information to make it a
need. Decrease of the pressure, risk containment, new data, new services.

This is unnecessary and prone to failure. 

2. second target : a user MITM providing "hardware, software and
brainware firewalling". At root system level it means that the user is to
cache his root system. 

Which part of the present caching resolve server does not provide this
service today? Aren't you reinventing the wheel here? 

Private roots are not subject to DoS. They certainly permit to survive a
few hours, days and even probably months. In adding all the root themes
we can objectively consider today for ubiquist new services, plus a
"first necessity" software kit and root, we are probably talking of an
ASN.1 structure of less than 20 compacted K (comparable to anti-virus
updates).

Private roots are subject to confusion, mis-directed micromanagement by
local admins, overly sensitive to local politics, split-vision of what must
by design be unified, and endless user frustration. I have tried this in a
large corporate network, and it was, even there with a clear chain of
command, a horrible mess. Never, ever again will I take anything like it
outside a lab (except to kill it).

The figures I discussed in a previous memo, show that we could then come
back to a "486DX2". However discussing of root server the way we consider
them today would be quite meaningless.

You have a strong passion for doing something to fix the DNS system. I
suggest you channel this passion towards trying to fix all the b0rkened
clients (cf. the studies of root server load referred to earlier here)
before you try to impose breakage onto the well-functioning root server
system. 

-- 
Måns Nilsson                    MN1334-RIPE
http://vvv.besserwisser.org     +46 706 81 72 04
