IETF Logo Mail Archive

Re: [DNSOP] AS112 for TLDs

Andrew Sullivan <ajs@commandprompt.com> Fri, 04 April 2008 15:20 UTC

Return-Path: <dnsop-bounces@ietf.org>
X-Original-To: dnsop-archive@lists.ietf.org
Delivered-To: ietfarch-dnsop-archive@core3.amsl.com
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1B73E3A6B0F; Fri, 4 Apr 2008 08:20:31 -0700 (PDT)
X-Original-To: dnsop@core3.amsl.com
Delivered-To: dnsop@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 631833A6943 for <dnsop@core3.amsl.com>; Fri, 4 Apr 2008 08:20:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.735
X-Spam-Level:
X-Spam-Status: No, score=-1.735 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kd41vn2ULgMJ for <dnsop@core3.amsl.com>; Fri, 4 Apr 2008 08:20:24 -0700 (PDT)
Received: from lists.commandprompt.com (host-159.commandprompt.net [207.173.203.159]) by core3.amsl.com (Postfix) with ESMTP id B79B23A6B0F for <dnsop@ietf.org>; Fri, 4 Apr 2008 08:19:56 -0700 (PDT)
Received: from commandprompt.com (227-54-222-209.mycybernet.net [209.222.54.227]) (authenticated bits=0) by lists.commandprompt.com (8.13.8/8.13.8) with ESMTP id m34FKZb5001416 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for <dnsop@ietf.org>; Fri, 4 Apr 2008 08:20:37 -0700
Date: Fri, 04 Apr 2008 11:19:58 -0400
From: Andrew Sullivan <ajs@commandprompt.com>
To: dnsop@ietf.org
Message-ID: <20080404151957.GK1184@commandprompt.com>
References: <20080404025908.GA6781@vacation.karoshi.com.> <200804040316.m343GWNE061906@drugs.dv.isc.org> <20080404140210.GJ1184@commandprompt.com> <34168149-621F-497C-BCE7-01F68F1B2889@virtualized.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <34168149-621F-497C-BCE7-01F68F1B2889@virtualized.org>
User-Agent: Mutt/1.5.17 (2007-11-01)
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (lists.commandprompt.com [207.173.203.159]); Fri, 04 Apr 2008 08:20:38 -0700 (PDT)
Subject: Re: [DNSOP] AS112 for TLDs
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/dnsop>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: dnsop-bounces@ietf.org
Errors-To: dnsop-bounces@ietf.org

On Fri, Apr 04, 2008 at 07:37:31AM -0700, David Conrad wrote:
> >> 	leakage to the root servers is enormous.
> > This sounds to me like a cure that is quite possibly worse than the
> > disease.
> 
> In what way?

It rather depends on how much the root zone changes.

The targets of "run your own root copy" are the people who don't know 
how to capture and appropriately isolate (or don't care to do it)
their bogus traffic.

The proposed solution is to tell them to get a copy of the root zone
and run that.  What makes us think that they'll keep that copy up to
date, do sensible things with it, &c? 

I am familiar with one largeish zone that had its infrastructure on
the wrong end of an expensive link between it and the largest ISP in
the country.  Their answer to this was to transfer the zone to the
ISP.  Unfortunately, nobody at the ISP was monitoring the log files,
and someone failed to keep the TSIG keys in sync, so their copy of the
zone gradually came to be wrong.  Since none of this
copying-of-zone-around was documented anywhere, it took some time to
debug the problem, during which time large sections of that domain
were unavailable to a substantial population in the country in
question.

I can just imagine the hue and cry that would happen when new top
level domains "don't work for everybody".

A

-- 
Andrew Sullivan
ajs@commandprompt.com
+1 503 667 4564 x104
http://www.commandprompt.com/
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

v2.23.0 | Report a Bug | By Email