On 5/17/2012 1:21 PM, Andrew Sullivan wrote:
> ... I think this would happen to the root zone, too, and that seems
> worse than just one ccTLD. Encouraging random people to keep local
> copies of the root without anyone knowing about it is almost certainly
> an excellent way to cause more DNS failures.

i think we have to admit that this kind of thing is going to happen, and document a best practice. if you want to wrap that in advice of the form "this is probably not what you want to do, for reasons X Y Z, but if you're going to do it, here's how" then that's fine by me.

the dns data path is now hotly contested. everybody who's anybody wants to get into it, either for data mining, ad insertion, piracy prevention, or whatever. the world will respond to this by outsourcing less of their resolution. we can't pretend otherwise; i at least think this is the healthy and right response.

the rootops can be trusted. $dayjob is one; i know the others; i KNOW the rootops can be trusted. however, the queries sent to root server addresses will often not arrive at root servers, thanks to policy routing and great firewalls. the way to ensure that more people get real answers may indeed be widespread root zone stealth slavery.

i realize that this will just move the game down-level to the tld's, and that there's no way enough people can slave enough of those to make a permanent difference. but by the time that part of the game is playing out, i'm hoping for relevant penetration levels of dnssec.

--
"I suspect I'm not known as a font of optimism." (VJS, 2012)
