

To: David Conrad <david.conrad@nominum.com>
Cc: Brad Knowles <brad.knowles@skynet.be>, DNS Operations <dnsop@cafax.se>
From: Randy Bush <randy@psg.com>
Date: Thu, 10 Oct 2002 16:09:09 +0900
Sender: owner-dnsop@cafax.se
Subject: Re: Interim signing of the root zone.

> Can you describe the issues you see with anycast and how DNSSEC would
> address those issues?

w/o dnssec, one can not differentiate anycasted root from a routing attack
on that root.  see <http://www.nanog.org/mtg-0206/ppt/massey/index.htm>
for how one might defend against such attacks.

as dnssec is finally approaching deployment, it seems imprudent to rush
into a not obviously critical anycast deployment when a little patience
would seem harmless.

with dnssec, anycast authoritative servers are way cool, clearly safe,
and quite deployable.

without dnssec, it seems grandstanding to no prudent useful end.

randy

