On Thu, May 17, 2012 at 01:02:39PM -0700, David Conrad wrote:

> > - increased resilience to DoS attack

It is not clear that it will offer that, it is yet less clear that it will offer that better than simply joining in (say) l-root, and it is nowise plain that the trade-off is wise.

> > - reduced dependence on a single point (ok, 13 points) of failure

There aren't 13, as Joe already pointed out; and it doesn't get rid of the single point of failure at all. On the contrary, it makes recovery from a mistake in a couple of single points even harder.

> > - potentially improved performance

Only potentially, the trade analysis hasn't been done, and it's not clear that this improvement is better than standing up an actual root server node in one of the existing anycast systems.

> > - greater autonomy

This is a _problem_, not a benefit, I was arguing.

> > - reduced political whinage about not having a root server

It might provide this.

> > - greater openness and transparency

I rarely know what those words mean. In their plain English meaning, I think they're false in this case, as the difficulty of debugging a failure (in the anecdote I posted earlier) seems to me to indicate. Because nobody knew about that secret mirror, the problem took much longer to solve. Openness and transparency means, to me, that I can tell who is involved in answering my query, and if the root zone is being answered by someone not actually authorized to mirror it (and that's not widely known), then it is less, rather than more, open and transparent.

> If I'm reading your comments correctly, you're suggesting the right
> answer is to not document best practices for slaving the root and
> let folks figure it out on their own?

I am claiming that there are, perhaps, best ways to do it, but that one shouldn't do it in the first place. There's probably a best way not to get caught robbing banks, but I don't think we should publish manuals. There's a best way not to get parking tickets while yet parking without paying, but I don't think we should publish manuals for that either.

This case lies somewhere between those examples.

Best,

A

--
Andrew Sullivan
[email protected]
