well, f-root is not RFC 2870 compliant on this point and never has been.

; <<>> DiG 9.3.1 <<>> @f.root-servers.net . axfr
; (2 servers found)
;; global options: printcmd
...
;; Query time: 505 msec
;; SERVER: 192.5.5.241#53(192.5.5.241)
;; WHEN: Sat Feb 10 17:54:15 2007
;; XFR size: 2480 records (messages 2)

but i still think that massive global "mirroring" of the root zone would be a bad idea. opportunities for local errors, local staleness, leaks of local policy additions, outrun by a lot the potential unreachability due to ddos.

check http://www.root-servers.org/ to see how many cities are now served. note that in last week's ddos, as in the one in 2002 (which was documented at http://c.root-servers.org/october21.txt), no operational outages were measured -- only monitoring geeks and root server operators even noticed.

http://public.oarci.net/oarc/workshop-2005/minutes/malone-slaves treated this matter, and IIRC, i was not the only person in the room to think that hints were better than slaves.

do we really need negative-BCP's? that is, do we need a WCP on this topic?

-- Paul Vixie
