Hey list, So far, we have not gotten a huge amount of feedback on this draft (but thank you _very_much_ to those that have responded). I think we were really hoping that people could take a look at the draft and comment before Paris. It focuses on how resolvers that query large TLD registries can maintain connectivity during sustained outages at the root (such as from DDoS attacks). While it may seem topical to some, we were hoping that some of the distinctions and practices in this draft would be useful in general (such as the distinction of Infrastructure RR types).
We would all very much appreciate any feedback from the list, thanks! Eric On Mar 2, 2012, at 12:56 PM, Eric Osterweil wrote: > Hey everyone, > > We have resurrected our draft Improving DNS Service Availability by Using > Long TTL Values, and added some new polish to it. We've taken some feedback > from various people and would love to hear any thoughts other people have. > > Thanks! > > Eric > > Begin forwarded message: > >> From: [email protected] >> Date: February 23, 2012 7:57:30 AM PST >> To: [email protected] >> Subject: I-D Action: draft-pappas-dnsop-long-ttl-04.txt >> Reply-To: [email protected] >> >> >> A New Internet-Draft is available from the on-line Internet-Drafts >> directories. >> >> Title : Improving DNS Service Availability by Using Long TTL >> Values >> Author(s) : Vasileios Pappas >> Eric Osterweil >> Filename : draft-pappas-dnsop-long-ttl-04.txt >> Pages : 17 >> Date : 2012-02-23 >> >> Due to the hierarchical tree structure of the Domain Name System >> [RFC1034][RFC1035], losing all of the authoritative servers that >> serve a zone can disrupt services to not only that zone but all of >> its descendants. This problem is particularly severe if all the >> authoritative servers of the root zone, or of a top level domain's >> zone, fail. Although proper placement of secondary servers, as >> discussed in [RFC2182], can be an effective means against isolated >> failures, it is insufficient to protect the DNS service against a >> Distributed Denial of Service (DDoS) attack. This document proposes >> to reduce the impact of DDoS attacks against top level DNS servers by >> setting long TTL values for NS records and their associated A and >> AAAA records. Our proposed changes are purely operational and can be >> deployed incrementally. >> >> >> A URL for this Internet-Draft is: >> http://www.ietf.org/internet-drafts/draft-pappas-dnsop-long-ttl-04.txt >> >> Internet-Drafts are also available by anonymous FTP at: >> ftp://ftp.ietf.org/internet-drafts/ >> >> This Internet-Draft can be retrieved at: >> ftp://ftp.ietf.org/internet-drafts/draft-pappas-dnsop-long-ttl-04.txt >> >> _______________________________________________ >> I-D-Announce mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/i-d-announce >> Internet-Draft directories: http://www.ietf.org/shadow.html >> or ftp://ftp.ietf.org/ietf/1shadow-sites.txt > > _______________________________________________ > DNSOP mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dnsop _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
