

To: "Perry E. Metzger" <perry@wasabisystems.com>
Cc: Jim Bound <seamus@bit-net.com>, users@ipv6.org, dns op wg <dnsop@cafax.se>, ngtrans@sunroof.eng.sun.com
From: Randy Bush <randy@psg.com>
Date: Wed, 17 Jan 2001 22:39:15 -0800
Sender: owner-dnsop@cafax.se
Subject: Re: IPv6 dns

> Why do a rogue server? Why not just have the existing root operators
> deploy v6 transport capable root servers that are official?

no disagreement there.

> If you feel that it is too risky to do that on the existing hardware ...

obviously you missed the entire discussion.  this is not about the usual
software bugs.  it's about cache poisoning of old servers in v4 space.

> I would ask you to state a reason (other than possible expense) why
> having a couple of "clone servers" run and administered by the same
> folks running the current roots but on the 6bone and accepting
> requests over v6 transport could cause an operational problem. What is
> it, exactly, that we're fearing here?

this was discussed in dnsop, and is in the dnsop minutes.  it was discussed
in ngtrans.

to repeat the presentation:

----

the v6 directorate and the i* would appreciate if today's dnsop meeting
would add the following to its agenda:

  o if there actually is a need to experiment with a separate v6 root,

  o what is the cache hints and root zone content, and, given that

  o what are the possible vulnerabilities of the general internet, and if
    there are any

  o what are the limits/guidelines needed to prudently protect the net?

an example of a worry is cache poisoning of an antique v4 bind.

----

and there are thousands of vulnerable v4 binds still out there.

randy
