North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: .mil domain
On Fri, May 30, 2003 at 01:28:01PM -0700, Mike Damm wrote: > Counter: leave everything as it is. If they are willing to provide the > hardware, bandwidth, and administrative costs to run root servers, they can > block whoever they want. Just like if you run a web server you can block > anyone from accessing it that you want. If you don't like it, start up your > own root zone, there isn't anything stopping you. > > Not that it matters much in the big scheme of things; most modern resolvers > will give preference to root servers they can actually reach. > > I for one am pretty happy with where E, G, and H are. Cogent and VeriSign's > networks can hardly handle power cycles, let alone nuclear wars. You're either smoking the finest quality crack I've ever seen, or using the common sense of a flea on dope. RFC2870, Root Name Server Operational Requirements, quite clearly states: 2.6 Root servers MUST answer queries from any internet host, i.e. may not block root name resolution from any valid IP address, except in the case of queries causing operational problems, in which case the blocking SHOULD last only as long as the problem, and be as specific as reasonably possible. I highly doubt that the maintainers of the two .mil hosted servers are actually blocking queries from them. In fact, this is very much like saying Mr Vixie and the ISC cannot block people accessing the remainder of their network, just because they host a root name server. Yes, I think I go with the smoking crack option.