Tracy R Reed wrote:
For all practical purposes it would stop the Internet. Sure, it's all IP underneath. But the Internet transactions I care about are all human initiated such as sending and receiving emails and getting web pages. If the root name servers went down right now how would you conduct your normal Internet business? Some of us might be able to salvage some things from our local DNS cache and write them down. But the vast majority of the net would be SOL.

Email would get delayed as all the ISPs repoint to new (and/or local) DNS servers.

As for the web, I'm not as sure. Most people rely on portals, bookmarks and search engines. Of those, only bookmarks are sensitive to DNS failure because they are statically encoded by address. If search engines started returning IP address URLs, necessary DNS traffic would start dropping off pretty fast.

Google, Yahoo, and Microsoft would be down about a day, tops. Just enough time for them to get a full dump from a root server and start their own up.

They might not even go down *at all*. I'd be surprised if those companies weren't getting full zone transfers anyway. They generate a huge chunk of DNS traffic that I can't really see them wanting to send on to a root server.

This is one of the reasons that there just isn't a lot of impetus to fix DNS. The speed with which an attack can be thwarted is in the range of hours. The attack would have to be intense and *weeks* in duration for local caching of a full zone transfer to not work. Even so, DNS propagation is so slow that waiting 24-48 hours for a propagate wouldn't be very problematic.

-a

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list