Re: [DNSOP] AS112 for TLDs
bmanning@vacation.karoshi.com Sat, 05 April 2008 03:46 UTC
Return-Path: <dnsop-bounces@ietf.org>
X-Original-To: dnsop-archive@lists.ietf.org
Delivered-To: ietfarch-dnsop-archive@core3.amsl.com
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 417243A685E; Fri, 4 Apr 2008 20:46:23 -0700 (PDT)
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 72A1F3A67A4 for <dnsop@core3.amsl.com>; Fri, 4 Apr 2008 20:46:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xUHm9PNCwgII for <dnsop@core3.amsl.com>; Fri, 4 Apr 2008 20:46:21 -0700 (PDT)
Received: from vacation.karoshi.com (unknown [IPv6:2002:c620:68b:0:230:48ff:fe11:220a]) by core3.amsl.com (Postfix) with ESMTP id 6D9FD3A685E for <dnsop@ietf.org>; Fri, 4 Apr 2008 20:46:20 -0700 (PDT)
Received: from karoshi.com (localhost.localdomain [127.0.0.1]) by vacation.karoshi.com (8.12.8/8.12.8) with ESMTP id m353iwqM024664; Sat, 5 Apr 2008 03:44:58 GMT
Received: (from bmanning@localhost) by karoshi.com (8.12.8/8.12.8/Submit) id m353ijp7024661; Sat, 5 Apr 2008 03:44:45 GMT
Date: Sat, 05 Apr 2008 03:44:45 +0000
From: bmanning@vacation.karoshi.com
To: Mark Andrews <Mark_Andrews@isc.org>
Message-ID: <20080405034445.GA24525@vacation.karoshi.com.>
References: <20080404155638.GA15372@vacation.karoshi.com.> <200804042307.m34N7svX071381@drugs.dv.isc.org>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <200804042307.m34N7svX071381@drugs.dv.isc.org>
User-Agent: Mutt/1.4.1i
Cc: Andrew Sullivan <ajs@commandprompt.com>, bmanning@vacation.karoshi.com, dnsop@ietf.org, David Conrad <drc@virtualized.org>
Subject: Re: [DNSOP] AS112 for TLDs
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsop-bounces@ietf.org
Errors-To: dnsop-bounces@ietf.org
> > Mark made the claim that a local copy of the root would stop the > > traffic, which is false. a local copy of the root simply diffuses > > the traffic. > > > > the down sides to local copies of the root as seen from the > > peanut gallery: > > > > ) coherence of the avowed single namespace. There have been > > a few threads over the past decade on "bit rot" in the root-hints > > data. Local copies of the root zone will have the same bit-rot > > characteristics > > ) the IANA sanctioning alternate roots/namespaces ... "let a > > thousand roots bloom..." > > ) just how is the poor application/end user supposed to know > > or discriminate some local, walled garden root varient from > > the one true ICANN root varient? > > I said COPY. I did not say "THEIR OWN ROOT". A copy needs to > be kept up to date or it ceases to be a copy. It becomes a > snapshot. > > zone "." { > type slave; > masters { <addresses of root servers>; }; > }; er... a rather narrow, constrained view of the term "copy". I have copies of some datasets that go back 20 years or more. same data set, at different points in time. apparently you mean a copy of the database, plus/minus some temporal value and not augmented/diminished in any material way. your example of how to obtain a copy, that meets most of the criteria - seems to have a couple of assuptions... ) yFrom dnsop-bounces@ietf.org Fri Apr 4 20:46:23 2008 Return-Path: <dnsop-bounces@ietf.org> X-Original-To: dnsop-archive@optimus.ietf.org Delivered-To: ietfarch-dnsop-archive@core3.amsl.com Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 417243A685E; Fri, 4 Apr 2008 20:46:23 -0700 (PDT) X-Original-To: dnsop@core3.amsl.com Delivered-To: dnsop@core3.amsl.com Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 72A1F3A67A4 for <dnsop@core3.amsl.com>; Fri, 4 Apr 2008 20:46:22 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.599 X-Spam-Level: X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599] Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xUHm9PNCwgII for <dnsop@core3.amsl.com>; Fri, 4 Apr 2008 20:46:21 -0700 (PDT) Received: from vacation.karoshi.com (unknown [IPv6:2002:c620:68b:0:230:48ff:fe11:220a]) by core3.amsl.com (Postfix) with ESMTP id 6D9FD3A685E for <dnsop@ietf.org>; Fri, 4 Apr 2008 20:46:20 -0700 (PDT) Received: from karoshi.com (localhost.localdomain [127.0.0.1]) by vacation.karoshi.com (8.12.8/8.12.8) with ESMTP id m353iwqM024664; Sat, 5 Apr 2008 03:44:58 GMT Received: (from bmanning@localhost) by karoshi.com (8.12.8/8.12.8/Submit) id m353ijp7024661; Sat, 5 Apr 2008 03:44:45 GMT Date: Sat, 5 Apr 2008 03:44:45 +0000 From: bmanning@vacation.karoshi.com To: Mark Andrews <Mark_Andrews@isc.org> Message-ID: <20080405034445.GA24525@vacation.karoshi.com.> References: <20080404155638.GA15372@vacation.karoshi.com.> <200804042307.m34N7svX071381@drugs.dv.isc.org> Mime-Version: 1.0 Content-Disposition: inline In-Reply-To: <200804042307.m34N7svX071381@drugs.dv.isc.org> User-Agent: Mutt/1.4.1i Cc: Andrew Sullivan <ajs@commandprompt.com>, bmanning@vacation.karoshi.com, dnsop@ietf.org, David Conrad <drc@virtualized.org> Subject: Re: [DNSOP] AS112 for TLDs X-BeenThere: dnsop@ietf.org X-Mailman-Version: 2.1.9 Precedence: list List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org> List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe> List-Archive: <http://www.ietf.org/pipermail/dnsop> List-Post: <mailto:dnsop@ietf.org> List-Help: <mailto:dnsop-request@ietf.org?subject=help> List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: dnsop-bounces@ietf.org Errors-To: dnsop-bounces@ietf.org > > Mark made the claim that a local copy of the root would stop the > > traffic, which is false. a local copy of the root simply diffuses > > the traffic. > > > > the down sides to local copies of the root as seen from the > > peanut gallery: > > > > ) coherence of the avowed single namespace. There have been > > a few threads over the past decade on "bit rot" in the root-hints > > data. Local copies of the root zone will have the same bit-rot > > characteristics > > ) the IANA sanctioning alternate roots/namespaces ... "let a > > thousand roots bloom..." > > ) just how is the poor application/end user supposed to know > > or discriminate some local, walled garden root varient from > > the one true ICANN root varient? > > I said COPY. I did not say "THEIR OWN ROOT". A copy needs to > be kept up to date or it ceases to be a copy. It becomes a > snapshot. > > zone "." { > type slave; > masters { <addresses of root servers>; }; > }; er... a rather narrow, constrained view of the term "copy". I have copies of some datasets that go back 20 years or more. same data set, at different points in time. apparently you mean a copy of the database, plus/minus some temporal value and not augmented/diminished in any material way. your example of how to obtain a copy, that meets most of the criteria - seems to have a couple of assuptions... )ou state < addresses of root servers> ... which ones? ) can you ensure that the "root-servers" listed actually wills erve accurate data via xfr? wrt "copy" vs "their own root"... you and i started this discussion w/ the following: On Fri, Apr 04, 2008 at 09:05:25AM +1100, Mark Andrews wrote: > > There really is only one solution to preventing "bogus" > traffic reaching the root servers and that is to run a local > copy of the root zone. er, it (the bogus ttraffic) still reaches the root. just your copy of the root, not mine. --bill your statement that people should be encouraged to run a local copy of the root zone begs the question, run it where? to which my assumption is ... they run in on their own server, which, being authoritative for the root now, becomes their own root server. Did I err? and where is the "thou shalt NOT" modify/augment/diminish the contents of the database in the "local" copy ... > > Mark > > > but you, no doubt, see a much clearer picture. please convince > > me that my doubts are groundless... that bit-rot won't happen, > > It is possible to check the masters similarly to the way > we check the roots servers today. coordinating btwn a dozen orgs is one thing, coordinating btwn an unbounded number is something else. as an analogy, how many AS112 instances are there and how can one check for coherent data ebing served by them? > > that the avowed single namespace will remain intact, > It will if you keep the copy up to date. "copy up to date"... so you acknowledge copies can and will age/diverge over time. and you assume that augmentation "frosting" will not be applied to the local copy each time a fresh copy is aquired... presumably from some well known set of servers > > and that > > there will be trival ways for end users to discover the root of > > the namespace they are using... > > dig NS . please... get real here. > > > if the recommendation to run your own copy of the root is approved. > Note the zone will expire if you don't keep the masters up > to date unlike failures to keep the root hints up to date. rndc reload .... to use a bind specific example of reloading > > Mark > > > --bill > > _______________________________________________ > > DNSOP mailing list > > DNSOP@ietf.org > > https://www.ietf.org/mailman/listinfo/dnsop > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop you state < addresses of root servers> ... which ones? ) can you ensure that the "root-servers" listed actually wills erve accurate data via xfr? wrt "copy" vs "their own root"... you and i started this discussion w/ the following: On Fri, Apr 04, 2008 at 09:05:25AM +1100, Mark Andrews wrote: > > There really is only one solution to preventing "bogus" > traffic reaching the root servers and that is to run a local > copy of the root zone. er, it (the bogus ttraffic) still reaches the root. just your copy of the root, not mine. --bill your statement that people should be encouraged to run a local copy of the root zone begs the question, run it where? to which my assumption is ... they run in on their own server, which, being authoritative for the root now, becomes their own root server. Did I err? and where is the "thou shalt NOT" modify/augment/diminish the contents of the database in the "local" copy ... > > Mark > > > but you, no doubt, see a much clearer picture. please convince > > me that my doubts are groundless... that bit-rot won't happen, > > It is possible to check the masters similarly to the way > we check the roots servers today. coordinating btwn a dozen orgs is one thing, coordinating btwn an unbounded number is something else. as an analogy, how many AS112 instances are there and how can one check for coherent data ebing served by them? > > that the avowed single namespace will remain intact, > It will if you keep the copy up to date. "copy up to date"... so you acknowledge copies can and will age/diverge over time. and you assume that augmentation "frosting" will not be applied to the local copy each time a fresh copy is aquired... presumably from some well known set of servers > > and that > > there will be trival ways for end users to discover the root of > > the namespace they are using... > > dig NS . please... get real here. > > > if the recommendation to run your own copy of the root is approved. > Note the zone will expire if you don't keep the masters up > to date unlike failures to keep the root hints up to date. rndc reload .... to use a bind specific example of reloading > > Mark > > > --bill > > _______________________________________________ > > DNSOP mailing list > > DNSOP@ietf.org > > https://www.ietf.org/mailman/listinfo/dnsop > -- > Mark Andrews, ISC > 1 Seymour St., Dundas Valley, NSW 2117, Australia > PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
- [DNSOP] AS112 for TLDs Stephane Bortzmeyer
- Re: [DNSOP] AS112 for TLDs Phil Regnauld
- [DNSOP] Re: AS112 for TLDs Stephane Bortzmeyer
- Re: [DNSOP] AS112 for TLDs Joe Baptista
- Re: [DNSOP] AS112 for TLDs John Crain
- Re: [DNSOP] AS112 for TLDs Joe Baptista
- Re: [DNSOP] AS112 for TLDs John Crain
- Re: [DNSOP] AS112 for TLDs Joe Baptista
- Re: [DNSOP] AS112 for TLDs John Crain
- L-Root address change [Re: [DNSOP] AS112 for TLDs] Peter Koch
- [DNSOP] Re: L-Root address change (Was: AS112 for… Stephane Bortzmeyer
- Re: L-Root address change [Re: [DNSOP] AS112 for … bert hubert
- Re: [DNSOP] Re: L-Root address change (Was: AS112… Ralf Weber
- Re: L-Root address change [Re: [DNSOP] AS112 for … Matt Larson
- Re: L-Root address change [Re: [DNSOP] AS112 for … bmanning
- Re: L-Root address change [Re: [DNSOP] AS112 for … bert hubert
- Re: L-Root address change [Re: [DNSOP] AS112 for … bmanning
- Re: L-Root address change [Re: [DNSOP] AS112 for … bert hubert
- Re: B-Root address change [Re: [DNSOP] AS112 for … bmanning
- Re: L-Root address change [Re: [DNSOP] AS112 for … Joe Baptista
- Re: L-Root address change [Re: [DNSOP] AS112 for … JINMEI Tatuya / 神明達哉
- Re: L-Root address change [Re: [DNSOP] AS112 for … Joe Baptista
- Re: L-Root address change [Re: [DNSOP] AS112 for … John Crain
- Re: L-Root address change [Re: [DNSOP] AS112 for … Joe Baptista
- Re: [DNSOP] AS112 for TLDs William F. Maton Sotomayor
- Re: [DNSOP] AS112 for TLDs Phil Regnauld
- Re: [DNSOP] AS112 for TLDs Brian Dickson
- Re: [DNSOP] AS112 for TLDs Mark Andrews
- Re: [DNSOP] AS112 for TLDs Joe Baptista
- Re: [DNSOP] AS112 for TLDs Masataka Ohta
- Re: [DNSOP] AS112 for TLDs Elmar K. Bins
- [DNSOP] Re: AS112 for TLDs Stephane Bortzmeyer
- Re: [DNSOP] AS112 for TLDs William F. Maton Sotomayor
- [DNSOP] Re: AS112 for TLDs William F. Maton Sotomayor
- Re: [DNSOP] Re: AS112 for TLDs Mark Andrews
- Re: [DNSOP] Re: AS112 for TLDs William F. Maton Sotomayor
- Re: [DNSOP] AS112 for TLDs Edward Lewis
- Re: [DNSOP] AS112 for TLDs Mohsen Souissi
- Re: [DNSOP] AS112 for TLDs William F. Maton Sotomayor
- [DNSOP] Re: AS112 for TLDs Stephane Bortzmeyer
- Re: [DNSOP] Re: AS112 for TLDs Joe Baptista
- Re: [DNSOP] Re: AS112 for TLDs Paul Vixie
- Re: [DNSOP] Re: AS112 for TLDs Joe Baptista
- Re: [DNSOP] Re: AS112 for TLDs Mark Andrews
- Re: [DNSOP] Re: AS112 for TLDs Mark Andrews
- Re: [DNSOP] Re: AS112 for TLDs Mark Andrews
- Re: [DNSOP] Re: AS112 for TLDs Joe Baptista
- Re: [DNSOP] Re: AS112 for TLDs Mark Andrews
- Re: [DNSOP] Re: AS112 for TLDs Edward Lewis
- Re: [DNSOP] Re: AS112 for TLDs Paul Vixie
- Re: [DNSOP] Re: AS112 for TLDs Joe Baptista
- Re: [DNSOP] Re: AS112 for TLDs Mark Andrews
- Re: [DNSOP] Re: L-Root address change (Was: AS112… Florian Weimer
- [DNSOP] Re: AS112 for TLDs Stephane Bortzmeyer
- Re: [DNSOP] AS112 for TLDs Florian Weimer
- Re: [DNSOP] Re: AS112 for TLDs Florian Weimer
- Re: [DNSOP] AS112 for TLDs Sebastian Castro Avila
- Re: [DNSOP] AS112 for TLDs Edward Lewis
- Re: [DNSOP] AS112 for TLDs Sebastian Castro
- Re: [DNSOP] AS112 for TLDs William F. Maton Sotomayor
- Re: [DNSOP] AS112 for TLDs Edward Lewis
- Re: [DNSOP] AS112 for TLDs Joe Abley
- Re: [DNSOP] AS112 for TLDs Paul Vixie
- Re: [DNSOP] AS112 for TLDs Andrew Sullivan
- Re: [DNSOP] AS112 for TLDs Edward Lewis
- Re: [DNSOP] AS112 for TLDs Mark Andrews
- Re: [DNSOP] AS112 for TLDs bmanning
- Re: [DNSOP] AS112 for TLDs Mark Andrews
- Re: [DNSOP] AS112 for TLDs Andrew Sullivan
- Re: [DNSOP] AS112 for TLDs David Conrad
- Re: [DNSOP] AS112 for TLDs Andrew Sullivan
- Re: [DNSOP] AS112 for TLDs Frederico A C Neves
- Re: [DNSOP] AS112 for TLDs David Conrad
- Re: [DNSOP] AS112 for TLDs bmanning
- Re: [DNSOP] AS112 for TLDs Andrew Sullivan
- Re: [DNSOP] AS112 for TLDs David Conrad
- Re: [DNSOP] AS112 for TLDs Edward Lewis
- Re: [DNSOP] AS112 for TLDs John L. Crain
- Re: [DNSOP] AS112 for TLDs Mark Andrews
- Re: [DNSOP] AS112 for TLDs Joe Baptista
- Re: [DNSOP] AS112 for TLDs bmanning
- Re: [DNSOP] AS112 for TLDs Florian Weimer
- Re: [DNSOP] AS112 for TLDs Joe Baptista
- Re: [DNSOP] AS112 for TLDs Florian Weimer
- Re: [DNSOP] AS112 for TLDs Joe Baptista
- Re: [DNSOP] AS112 for TLDs Dean Anderson
- Re: [DNSOP] AS112 for TLDs Andrew Sullivan
- Re: [DNSOP] AS112 for TLDs Joe Baptista
- Re: [DNSOP] AS112 for TLDs Mark Andrews
- Re: [DNSOP] AS112 for TLDs Jaap Akkerhuis
- Re: [DNSOP] AS112 for TLDs Dean Anderson
- Re: [DNSOP] AS112 for TLDs Peter Koch
- Re: [DNSOP] AS112 for TLDs William F. Maton Sotomayor
- Re: [DNSOP] AS112 for TLDs Paul Vixie
- Re: [DNSOP] AS112 for TLDs Warren Kumari