[ga] Re: how many roots must DNS have before it's considered broken (Re: ISP network design of non-authoritative caches)
From: "Steven M. Bellovin" smb@research.att.com
"Sure -- my estimate is that that will take ~8 years"
.BIZ existed long before ICANN...
http://www.dot-biz.com/TimeLine/
People are advised to register in BOTH of
the IPv4 .BIZ registries, for reliable and
redundant DNS service.
8 years ?....incremental approaches are here now...
http://www.dot-biz.com/DNS101/
Jim Fleming
http://www.DOT-BIZ.com
http://www.Register-BIZ.com
http://www.BIZ-Registry.com
----- Original Message -----
From: "Steven M. Bellovin" <smb@research.att.com>
To: "Simon Higgs" <simon@higgs.com>
Cc: <nanog@merit.edu>
Sent: Monday, November 19, 2001 4:51 PM
Subject: Re: how many roots must DNS have before it's considered broken (Re: ISP network design of non-authoritative caches)
>
> In message <5.1.0.14.2.20011119140458.0338d260@oak.higgs.net>, Simon Higgs writes:
> >
> >At 05:21 AM 11/19/01 +0000, you wrote:
> >
> >>Once we start down the slippery slope of "I'm a root too", how
> >>many different ad hoc DNS "universes" (for lack of better
> >>term) must we have before we decide that things are "broken"?
> >
> >Two. That happened back in 1996 when the IANA TLD applicants began getting
> >their glue added to AlterNIC. Today lack of entry in the root has created a
> >dozen or so more alt.roots. Now people are beginning to notice the
> >consequences (i.e. the .US zone is now causing cache pollution outside the
> >legacy root since it's using the ICANN .BIZ name servers - and that .BIZ
> >isn't recognized by all the alt.roots).
>
> See what happens when there's more than one root?
> >
> >But it's OK. Really. There's only one root. Honest. Except for this one,
> >which is being run with all the usual I* blessings:
> >
> >http://www.isi.edu/otdr/
> >
> >>Maintaining a single, authoritative root seems, IMHO, to be a
> >>Good Thing. Given multiple registries, namespace collisions
> >>would get ugly -- and, even in the absence of collisions, let us
> >>consider "reachability" issues.
>
> Don't confuse the question of the number of servers with the technical
> question of what a root is; that's determined by the content.
> >
> >That's the point. Getting the alt.root "universes" to cooperate is an
> >exercise similar to "cat herding", but it has to start somewhere.
> >
>
> Please -- if folks "co-operate" properly, there's one root. Don't
> confuse the question of how many roots there should be with who should
> decide the contents. Whether or not ICANN should be the sole
> decision-maker is a purely political question, and out of scope on the
> ICANN list.
>
> >Simon
> >
> >--
> >DNS is not a sacred cow that cannot be replaced by something better.
>
> Sure -- my estimate is that that will take ~8 years: 1-2 years to
> design, 1-2 years of coding, testing, and interoperability testing, at
> 5 years for the installed base of machines to be replaced, since most
> machines are never upgraded. And you have to climb uphill against that
> installed base, and against folks who don't understand why they should
> populate your new database when they've already populated (and paid,
> both directly and in support costs), for the existing database.
>
> I'm not saying that you're wrong -- in fact, I agree that the current
> scheme is showing its age in many different ways -- but don't
> underestimate the difficulty of replacing it. (The only similar
> example I can think of, in terms of its impact on both end systems and
> the infrastructure, is IPv6 -- and we all know how much of that is
> deployed.)
>
> --Steve Bellovin, http://www.research.att.com/~smb
> Full text of "Firewalls" book now at http://www.wilyhacker.com
>
>
>
--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html