At 4:19 PM -0500 2002/11/01, Ben Stern wrote:
I don't trust them to do the job right. Even if they should, by some miracle, manage to get a suitable copy of the current root zone, I wouldn't trust them to be able to properly anycast that to anyone else. I wouldn't trust them to be able to provide that information to their own recursive/caching customers. And once they set that stuff up, there'd be no way to get them to stop.I obviously cannot speak for other major ISPs, and am speaking here as an individual, not as a representative of AS2548, but I do not see anything obviously stopping various national carriers from anycasting the root, other than a) lack of obvious contacts at the roots, and b) lack of perceived authority. [0] [1]
If you want to go the anycast root route, I think we'd be better off selecting a few underperforming root nameservers, and then find contacts at the IP address registries (RIPE, APNIC, JPNIC, etc...) and see if we can find someone suitable there to provide the proper routing and nameservice. I'd trust them more than I would anyone at most major ISPs. I know a guy at AOL that I'd trust to do the nameservice side correctly, but I'm not sure I'd trust the networking guys to avoid screwing things up.
Then there's the issue of current DNS UDP truncation at the roots. There's no way this would fit into ~500 bytes:
% dig @a.root-servers.net. . any +vc
; <<>> DiG 8.3 <<>> @a.root-servers.net. . any +vc
; (1 server found)
;; res options: init usevc recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40904
;; flags: qr aa rd; QUERY: 1, ANSWER: 14, AUTHORITY: 13, ADDITIONAL: 13
;; QUERY SECTION:
;; ., type = ANY, class = IN
;; ANSWER SECTION:
. 6D IN NS A.ROOT-SERVERS.NET.
. 6D IN NS H.ROOT-SERVERS.NET.
. 6D IN NS C.ROOT-SERVERS.NET.
. 6D IN NS G.ROOT-SERVERS.NET.
. 6D IN NS F.ROOT-SERVERS.NET.
. 6D IN NS B.ROOT-SERVERS.NET.
. 6D IN NS J.ROOT-SERVERS.NET.
. 6D IN NS K.ROOT-SERVERS.NET.
. 6D IN NS L.ROOT-SERVERS.NET.
. 6D IN NS M.ROOT-SERVERS.NET.
. 6D IN NS I.ROOT-SERVERS.NET.
. 6D IN NS E.ROOT-SERVERS.NET.
. 6D IN NS D.ROOT-SERVERS.NET.
. 1D IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. (
2002110201 ; serial
30M ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
;; AUTHORITY SECTION:
. 6D IN NS A.ROOT-SERVERS.NET.
. 6D IN NS H.ROOT-SERVERS.NET.
. 6D IN NS C.ROOT-SERVERS.NET.
. 6D IN NS G.ROOT-SERVERS.NET.
. 6D IN NS F.ROOT-SERVERS.NET.
. 6D IN NS B.ROOT-SERVERS.NET.
. 6D IN NS J.ROOT-SERVERS.NET.
. 6D IN NS K.ROOT-SERVERS.NET.
. 6D IN NS L.ROOT-SERVERS.NET.
. 6D IN NS M.ROOT-SERVERS.NET.
. 6D IN NS I.ROOT-SERVERS.NET.
. 6D IN NS E.ROOT-SERVERS.NET.
. 6D IN NS D.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.4
H.ROOT-SERVERS.NET. 5w6d16h IN A 128.63.2.53
C.ROOT-SERVERS.NET. 5w6d16h IN A 192.33.4.12
G.ROOT-SERVERS.NET. 5w6d16h IN A 192.112.36.4
F.ROOT-SERVERS.NET. 5w6d16h IN A 192.5.5.241
B.ROOT-SERVERS.NET. 5w6d16h IN A 128.9.0.107
J.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.10
K.ROOT-SERVERS.NET. 5w6d16h IN A 193.0.14.129
L.ROOT-SERVERS.NET. 5w6d16h IN A 198.32.64.12
M.ROOT-SERVERS.NET. 5w6d16h IN A 202.12.27.33
I.ROOT-SERVERS.NET. 5w6d16h IN A 192.36.148.17
E.ROOT-SERVERS.NET. 5w6d16h IN A 192.203.230.10
D.ROOT-SERVERS.NET. 5w6d16h IN A 128.8.10.90
;; Total query time: 236 msec
;; FROM: XXXXXXX to SERVER: a.root-servers.net. 198.41.0.4
;; WHEN: Sun Nov 3 00:03:02 2002
;; MSG SIZE sent: 17 rcvd: 662
--
Brad Knowles, <[EMAIL PROTECTED]>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
#----------------------------------------------------------------------
# To unsubscribe, send a message to <[EMAIL PROTECTED]>.
