To: dnsop@cafax.se
From: Harald Tveit Alvestrand <Harald@Alvestrand.no>
Date: Sun, 11 Jul 1999 02:00:09 +0200
Sender: owner-dnsop@cafax.se
Subject: Results of inconsistencies in reused-address servers

We're digging into a rathole wrt server placement, methinks.
I think the administration of these servers sharing an address may be
more important than their placement.

Consider one possible failure mode.
(I'm using extreme examples because they stick more easily in the mind...)

- Iran and Iraq each have a root name server, sharing an address, and
maintained by a local agency. They go to war.
Out of spite, Iran deletes .iq from its copy of the nameserver; Iraq
deletes .ir from its copy in retaliation.
BGP routing may carry either copy to Azerbaijan; which one is seen may
vary as links come up and down. Confusion will result.

Other variants of reasons for inconsistency are criminal malice by
operators, breaks in system security (hacking), and (the most probable
reason) operator stupidity.

The only possible remedies (that I can see) that the rest of the world can
take to minimize the damage from such a problem are either to firewall off
the relevant part using routing reconfiguration (a complex process) or to
delete the address from the list of root name servers; this will delete the
WHOLE cluster, not just the ones involved in the problem.

My conclusion:

At any point in the network, all copies of a shared-address nameserver that
CAN be made visible by the routing system MUST be bound together
administratively in such a fashion that the risk of inconsistency is
minimal, and the responsibility for maintaining consistency is well defined.

One such binding is having them all managed by one organization; other
forms of binding are possible.
(ICANN is, as far as I can understand, attempting to create a similar form
of binding between the root server operators; as far as I can tell, the
current binding has the form of a "gentlemen's agreement".....)

Note that the previous discussion, outside of the examples, has not used
the terms "country" or "ISP"; I believe the problem is independent of where
the country borders or ISP boundaries are on the network topology map.

Harald A
--
Harald Tveit Alvestrand, Maxware, Norway
Harald.Alvestrand@maxware.no