North American Network Operators Group

Re: DNS Headaches.

  • From: Paul Vixie
  • Date: Tue Aug 18 01:46:17 1998

> > .                       2D IN NS        PANIC.WEBTEAM.NET.
> > .                       2D IN NS        TORGO.WEBTEAM.NET.
> > PANIC.WEBTEAM.NET.      2D IN A         207.67.50.8
> > TORGO.WEBTEAM.NET.      2D IN A         207.67.50.7
> 
> How did this happen anyway?  InterNIC? Postel?

M.I.B.H., no doubt.

> Doesn't this error imply that a percentage of the
> Internet was unresolvable by the entire planet?

Luckily not.  Those servers are running with recursion enabled.  So they
sent back a lot of nonauthoritative answers, which were treated as server
failures but forwarded anyway.  At least BIND would have done that.  Had
the above servers been configured with recursion disabled, then the above
delegation (coming as it did as an authoritative answer from a bootstrap
source -- A.ROOT-SERVERS.NET) would have pretty much rocked the e-commerce
market.  Thus do we see that the least secure part of DNS are the procedures
and people, not the protocols or implementation.  That's not a slam on the
InterNIC, but it could be correctly taken as a hint that the new IANA has
some serious procedural work to do regarding change control and publication.

I'm not sure what non-BIND servers did, of course.  (They aren't common yet.)

> Maybe we can get bilateral peering with BBN since we have a root server,

That's what worked for me :-).  Except that I'm perfectly willing to say in
public that I get transit connectivity from BBN (and others) and it's great.
-- 
Paul Vixie
La Honda, CA			"Many NANOG members have been around
<[email protected]>			 longer than most." --Jim Fleming
pacbell!vixie!paul		 (An H.323 GateKeeper for the IPv8 Network)
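
Added example, not part of the original message: a minimal pre-publication check that would flag the root delegation quoted above before it went out. It assumes legitimate root NS names all sit under ROOT-SERVERS.NET (the message names A.ROOT-SERVERS.NET); the function names and the A.ROOT-SERVERS.NET NS line in the sample are constructed for illustration.

```python
import re

# Assumption: every legitimate apex NS target ends in this suffix.
EXPECTED_SUFFIX = ".ROOT-SERVERS.NET."

# Constructed input: the four records quoted in the message, plus one
# constructed in-policy NS line for contrast.
CANDIDATE_ZONE = """\
.                       2D IN NS        PANIC.WEBTEAM.NET.
.                       2D IN NS        TORGO.WEBTEAM.NET.
.                       2D IN NS        A.ROOT-SERVERS.NET.
PANIC.WEBTEAM.NET.      2D IN A         207.67.50.8
TORGO.WEBTEAM.NET.      2D IN A         207.67.50.7
"""

_UNITS = {"S": 1, "M": 60, "H": 3600, "D": 86400, "W": 604800}

def ttl_seconds(ttl):
    """Convert a BIND-style TTL such as '2D', '1H30M' or '3600' to seconds."""
    parts = re.findall(r"(\d+)([SMHDW]?)", ttl.upper())
    return sum(int(n) * _UNITS[u or "S"] for n, u in parts)

def parse(zone_text):
    """Yield (owner, ttl, rtype, rdata) for 'owner TTL IN type rdata' lines."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) == 5 and fields[2].upper() == "IN":
            owner, ttl, _, rtype, rdata = fields
            yield owner.upper(), ttl_seconds(ttl), rtype.upper(), rdata.upper()

def audit_root_delegation(zone_text):
    """Return findings that should block publication of the candidate zone."""
    records = list(parse(zone_text))
    findings, bad_ns = [], set()
    for owner, ttl, rtype, rdata in records:
        # An apex NS outside the expected name space is a delegation change.
        if owner == "." and rtype == "NS" and not rdata.endswith(EXPECTED_SUFFIX):
            bad_ns.add(rdata)
            findings.append(f"apex NS {rdata} outside {EXPECTED_SUFFIX} (ttl {ttl}s)")
    for owner, ttl, rtype, rdata in records:
        # Glue for an unexpected NS tells the reviewer where traffic would go.
        if rtype == "A" and owner in bad_ns:
            findings.append(f"glue {owner} -> {rdata} supports unexpected NS")
    return findings

if __name__ == "__main__":
    for finding in audit_root_delegation(CANDIDATE_ZONE):
        print("BLOCK:", finding)
```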