On Wed, May 16, 2012 at 08:52:26PM -0400, Joe Abley wrote:

> All the possible outcomes I can think of that lie in this direction
> winds up with pockets of broken DNS due to infrastructure that none
> of the current operators can identify, and failures that affect only
> a subset of users so that a fix is not necessarily obvious.

I agree with Joe.

When I worked at a TLD registry company, we had a very similar case occur when a large ISP in one country was slaving the ccTLD zone for that country, and we didn't know it. We made some infrastructure changes, and their slave stopped getting up-to-date copies of the zone, but they didn't check their logs. Months later, we started getting complaints about updates not propagating to the zone; it was, of course, that that ISP had a months-old copy of the zone. It took a long time to figure out what the problem was, because we had no idea that this was going on.

This particular incident sticks in my mind because it affected so many people (one of whom was some minister's brother or something, which of course made it all much worse), but I remember more than one such incident happening.
I think this would happen to the root zone, too, and that seems worse than just one ccTLD. Encouraging random people to keep local copies of the root without anyone knowing about it is almost certainly an excellent way to cause more DNS failures.

Best,

A

--
Andrew Sullivan
[email protected]
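The quiet failure described in the thread (a slave serving a months-old zone because nobody looked at the logs) is straightforward to catch from the slave's side by comparing its SOA against the master's and against the zone's own REFRESH/EXPIRE timers. The block below is an added example, not code from the thread or from any registry; the SOA records and the time-since-last-transfer value are constructed.

```python
import re

# Constructed SOA records, as a master and a stale slave might answer them.
# Fields after SOA: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM
MASTER_SOA = "example. 3600 IN SOA ns1.example. hostmaster.example. 2012051601 7200 3600 1209600 3600"
SLAVE_SOA = "example. 3600 IN SOA ns1.example. hostmaster.example. 2012021401 7200 3600 1209600 3600"


def parse_soa(rr):
    """Parse one SOA record in presentation format into its named fields."""
    fields = re.split(r"\s+", rr.strip())
    i = fields.index("SOA")
    serial, refresh, retry, expire, minimum = map(int, fields[i + 3:i + 8])
    return {"mname": fields[i + 1], "rname": fields[i + 2], "serial": serial,
            "refresh": refresh, "retry": retry, "expire": expire, "minimum": minimum}


def serial_gt(a, b):
    """RFC 1982 serial-number arithmetic: True if serial a is newer than b.
    A plain integer comparison breaks when the 32-bit serial wraps around."""
    if a == b:
        return False
    return (a < b and b - a > 2 ** 31) or (a > b and a - b < 2 ** 31)


def check_slave(master_rr, slave_rr, seconds_since_last_xfr):
    """Return a list of findings; an empty list means the slave looks healthy.
    seconds_since_last_xfr is assumed to come from the slave's own logs."""
    m, s = parse_soa(master_rr), parse_soa(slave_rr)
    findings = []
    if serial_gt(m["serial"], s["serial"]):
        findings.append("SERIAL_BEHIND: slave %d behind master %d" % (s["serial"], m["serial"]))
    elif serial_gt(s["serial"], m["serial"]):
        findings.append("SERIAL_AHEAD: slave %d ahead of master %d" % (s["serial"], m["serial"]))
    # Even with matching serials, no transfer within REFRESH means the
    # slave is no longer talking to the master and will drift silently.
    if seconds_since_last_xfr > s["expire"]:
        findings.append("EXPIRED: %ds since last transfer exceeds EXPIRE %ds"
                        % (seconds_since_last_xfr, s["expire"]))
    elif seconds_since_last_xfr > s["refresh"]:
        findings.append("REFRESH_MISSED: %ds since last transfer exceeds REFRESH %ds"
                        % (seconds_since_last_xfr, s["refresh"]))
    return findings


if __name__ == "__main__":
    for f in check_slave(MASTER_SOA, SLAVE_SOA, 90 * 86400):  # 90 days, constructed
        print(f)
```

Run it as a periodic check on every host that slaves a zone it does not own; a non-empty result is exactly the condition the registry in the story could not see from its side.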
