North American Network Operators Group


Re: AW: Odd policy question.

  • From: bmanning
  • Date: Fri Jan 13 17:53:51 2006

On Fri, Jan 13, 2006 at 12:09:51PM -1000, Randy Bush wrote:
> 
> > Well, RFC2010 section 2.12 hints at cache pollution attacks, and that's
> > been discussed already.  Note that I can't seem to find the same claim
> > in RFC2870, which obsoletes 2010 (and the direction against recursive
> > service is still there).
> 
> despite others saying that 2870 should apply to servers other
> than root servers, i do not support that.  and that leaves
> aside that some root servers do not follow it very well.
> 
> randy

	RFC 2870 was crafted at a time when the machines hosting the
	root zone also hosted several -large- TLD zones.  Anycast was
	not widely used when this document was written.  RFC 2010 did
	indicate that requirements would likely change in future, while
	RFC 2870 reinforced the then status quo.

	Perhaps the most fatal mistake of RFC 2870 was the ambiguous
	treatment of the service provisioning as distinctly different
	than protecting the availability of the (single?) instance of
	the hardware that provides that service.

	Given the changed nature of the publication platform for the root
	zone, (no big TLDs hosted there anymore) and the widescale use of
	anycast in the root, while not with many TLDs - it is clear to me
	that RFC 2870 applicability is oriented more toward TLD operations.

	For these and a few other reasons, no root server operator that
	I am aware of (save ICANN) actually tries to follow RFC 2870...
	Several try and follow RFC 2010 still ... despite the I[E/V]TF's
	marking of "obsolete" on RFC 2010.  That said, there might be a
	replacement for both offered up - if time allows.


--bill