To:
Brad Knowles <brad.knowles@skynet.be>
CC:
Ben Stern <bstern@electromagnetic.net>, Bill Woodcock <woody@pch.net>, Bill Manning <bmanning@ISI.EDU>, dnsop@cafax.se
From:
Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date:
Sun, 3 Nov 2002 22:38:07 +0859 ()
In-Reply-To:
<a05200d0ab9ea6ab1fc3e@[146.106.12.76]> from Brad Knowles at "Nov3, 2002 00:04:44 am"
Sender:
owner-dnsop@cafax.se
Subject:
Re: DoS and anycast
Brad;

> > I obviously cannot speak for other major ISPs, and am speaking here as an
> > individual, not as a representative of AS2548, but I do not see anything
> > obviously stopping various national carriers from anycasting the root, other
> > than a) lack of obvious contacts at the roots, and b) lack of perceived
> > authority. [0] [1]
>
> I don't trust them to do the job right.

That's why every ISP should run anycast root servers by itself, not relying on ones run by adjacent ISPs.

> I know a guy at AOL that I'd trust to do the
> nameservice side correctly, but I'm not sure I'd trust the networking
> guys to avoid screwing things up.

You are saying that, even if you securely retrieve some address from DNS, you do not trust the networking guys to connect you to a host at that address. Then there is no point to secure DNS.

> Then there's the issue of current DNS UDP truncation at the
> roots. There's no way this would fit into ~500 bytes:

Sounds like you never took a look at "anycast". With UDP without truncation, we can run millions of root servers.

Masataka Ohta
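The truncation constraint Brad raises, and that Ohta's anycast argument sidesteps (many instances behind one address rather than many addresses), can be made concrete by sizing the root priming response. The following is an added example, not code from either correspondent or from the dnsop list: it builds the wire-format answer to `. IN NS?` with RFC 1035 label compression and A glue, and counts how many distinct root-server names fit under the 512-byte UDP ceiling before the TC bit would have to be set. The root names are the real a..m.root-servers.net scheme; the IPv4 addresses, the message ID and the header flags are constructed placeholders.

```python
"""Size a DNS root priming response (. IN NS plus A glue) on plain UDP."""
import struct

UDP_LIMIT = 512  # RFC 1035 section 4.2.1: DNS over UDP is limited to 512 bytes

# Constructed sample: the real root-server names, placeholder (TEST-NET-1) addresses.
ROOT_SERVERS = [("%s.root-servers.net." % chr(ord("a") + i), "192.0.2.%d" % (i + 1))
                for i in range(13)]


def encode_name(name, msg, offsets):
    """Append `name` to bytearray `msg` using RFC 1035 label compression.

    `offsets` maps every suffix already written ("root-servers.net.") to the
    offset where it was written, so later names become 2-byte pointers.
    """
    labels = [l for l in name.rstrip(".").split(".") if l]
    out = bytearray()
    while labels:
        suffix = ".".join(labels) + "."
        if suffix in offsets:                      # compress: point at earlier copy
            out += struct.pack("!H", 0xC000 | offsets[suffix])
            msg += out
            return
        offsets[suffix] = len(msg) + len(out)      # remember where this suffix starts
        out += bytes([len(labels[0])]) + labels[0].encode()
        labels = labels[1:]
    out += b"\x00"                                 # root label ends an uncompressed name
    msg += out


def decode_name(msg, off):
    """Read a possibly compressed name at `off`; return (name, offset after it)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                  # pointer: follow it once for `end`
            if not jumped:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        if length == 0:
            off += 1
            break
        labels.append(msg[off + 1:off + 1 + length].decode())
        off += 1 + length
    return ".".join(labels) + ".", (end if jumped else off)


def priming_response(servers, ttl=3600000):
    """Build the response to `. IN NS?` for (hostname, ipv4) pairs.

    Layout: header, question, one NS record per server, one A glue record per
    server. Returns (message_bytes, fits_in_udp_without_truncation).
    """
    msg, offsets = bytearray(), {}
    # id (placeholder), flags QR|AA (placeholder), qdcount, ancount, nscount, arcount
    msg += struct.pack("!HHHHHH", 0x1234, 0x8400, 1, len(servers), 0, len(servers))
    encode_name(".", msg, offsets)
    msg += struct.pack("!HH", 2, 1)                # QTYPE NS, QCLASS IN
    for host, _ in servers:                        # answer section: NS RRset
        encode_name(".", msg, offsets)
        msg += struct.pack("!HHIH", 2, 1, ttl, 0)  # rdlength patched below
        rdstart = len(msg)
        encode_name(host, msg, offsets)
        struct.pack_into("!H", msg, rdstart - 2, len(msg) - rdstart)
    for host, ip in servers:                       # additional section: A glue
        encode_name(host, msg, offsets)            # owner compresses to a pointer
        msg += struct.pack("!HHIH", 1, 1, ttl, 4)
        msg += bytes(int(o) for o in ip.split("."))
    return bytes(msg), len(msg) <= UDP_LIMIT


def max_servers_without_truncation():
    """Largest N root names (with IPv4 glue) whose priming response fits 512 bytes."""
    fits_up_to = 0
    for n in range(1, 27):
        servers = [("%s.root-servers.net." % chr(ord("a") + i), "192.0.2.%d" % (i + 1))
                   for i in range(n)]
        if not priming_response(servers)[1]:
            break
        fits_up_to = n
    return fits_up_to


if __name__ == "__main__":
    wire, fits = priming_response(ROOT_SERVERS)
    print("13 roots with IPv4 glue: %d bytes, fits=%s" % (len(wire), fits))
    print("max names under %d bytes: %d" % (UDP_LIMIT, max_servers_without_truncation()))
```

Each extra root name costs 31 bytes (a 15-byte NS record plus a 16-byte glue record), so a few more distinct addresses are all the 512-byte budget allows, which is the point at which anycasting one address to many instances becomes the way to scale rather than adding names.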