North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: DNS Headaches.
> > . 2D IN NS PANIC.WEBTEAM.NET. > > . 2D IN NS TORGO.WEBTEAM.NET. > > PANIC.WEBTEAM.NET. 2D IN A 126.96.36.199 > > TORGO.WEBTEAM.NET. 2D IN A 188.8.131.52 > > How did this happen anyway? InterNIC? Postel? M.I.B.H., no doubt. > Doesn't this error imply that a percentage of the > Internet was unresolvable by the entire planet? Luckily not. Those servers are running with recursion enabled. So they sent back a lot of nonauthoritative answers, which were treated as server failures but forwarded anyway. At least BIND would have done that. Had the above servers been configured with recursion disabled, then the above delegation (coming as it did as an authoritative answer from a bootstrap source -- A.ROOT-SERVERS.NET) would have pretty much rocked the e-commerce market. Thus do we see that the least secure part of DNS are the procedures and people, not the protocols or implementation. That's not a slam on the InterNIC, but it could be correctly taken as a hint that the new IANA has some serious procedural work to do regarding change control and publication. I'm not sure what non-BIND servers did, of course. (They aren't common yet.) > Maybe we can get bilateral peering with BBN since we have a root server, That's what worked for me :-). Except that I'm perfectly willing to say in public that I get transit connectivity from BBN (and others) and it's great. -- Paul Vixie La Honda, CA "Many NANOG members have been around <[email protected]> longer than most." --Jim Fleming pacbell!vixie!paul (An H.323 GateKeeper for the IPv8 Network)