To:
dnsop@cafax.se
Cc:
randy@psg.com, bmanning@ISI.EDU
From:
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date:
Thu, 6 May 99 21:30:57 JST
In-Reply-To:
<199905061142.EAA06707@boreas.isi.edu>; from "Bill Manning" at May 6, 99 4:42 am
Reply-To:
dnsop@cafax.se
Sender:
owner-dnsop@cafax.se
Subject:
Re: Experiments in multi-placed root servers
Bill; > One key problem is that this technique "buries" the server inside > what effectivly is an ISP, which was rejected every single time > is was proposed from 1993 - 1998, which is the only timeframe I > can speak to. What is the problem to do so when so many users are using DHCP assigned DNS servers buried in ISPs? If the clients need a hard coded raw IP addresses unique to the ISP to lock the users in the ISP, there is a problem. But, in either cases, we are not doing so. Moreover, users always have an option to have their own DNS servers or root servers. > Issues tend to revolve around ambigious prefix injection and > the lack of authentication in the routing system. The lack of authentication in the routing system has nothing specifically to do with the root servers. Forged routes to the root servers can be injected eaqually easily regardless of whether we promote routing tricks for root servers or not. > The point of a DNSOPS activity is the operation of DNS, correct? So, never say "the lack of authentication in the routing system". > Network operations are orthoginal to DNS service. So, never say "the lack of authentication in the routing system"! > In this respect > DNS operates much like the RIRs. So, never say "the lack of authentication in the routing system"!! > They don't do routing. So, never say "the lack of authentication in the routing system"!!! > It's a symbiotic relationship. So, never say "the lack of authentication in the routing system"!!!! I hope you never say "multicast" never again, too. :-) Masataka Ohta