North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: The whole alternate-root ${STATE}horse
On Sat, Jul 09, 2005 at 01:51:46PM -0400, Todd Vierling wrote: > On Sat, 9 Jul 2005, Jay R. Ashworth wrote: > > It's not the *root* operators that are the problem -- it's the *TLD* > > zone operators. > > Oh, I can certainly agree with that; we've seen some gross abuses of TLDs > documented in gory detail right here on the NANOG list. > > Of course, that too is orthogonal to who provides the delegations in "." -- > except that perhaps some misguided souls are, as is relatively common, > confusing the two realms. Indeed. > > "infrastructure at risk". Justify this *far-reaching* statement, > > please. Show your work. > > AlterNIC overriding .COM and .NET listings, one of the issues leading to its > demise. (This was done in addition to the more memorable cache poisoning > attacks against INTERNIC.NET.) To the extent that you don't call that a criminal aberration -- one that could as easily have happened to one of the root servers currently *taking* the ICANN root zone -- it only affected people who were resolving off that root. That's a pretty small number, and, IMHO, doesn't rise to the level of "placing the infrastructure [of the entire net] at risk". > The risk is uncertainty of name resolution, as the root zone can in fact > override N-level records simply by posessing a more specific name. Root > servers are queried for the full host (but respond with the NS glue > delegation), not just the first component, which allows for such overriding. And that possibility is any different in the n-root case than in the 1-root case... why? > > > Oh wait, your name wouldn't *actually* be Jim Fleming, would it? > > > > <chuckle> > > Well, at least some folks remember. 8-) Whoa, yeah. My Linux boxes all run IPv8. Cheers, -- jra -- Jay R. Ashworth [email protected] Designer Baylink RFC 2100 Ashworth & Associates The Things I Think '87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
|