<<<
Chronological Index
>>> <<<
Thread Index
>>>
[ga] Re: F Root Server to Be Mirrored
- To: Jim Fleming <JimFleming@ameritech.net>
- Subject: [ga] Re: F Root Server to Be Mirrored
- From: Jeff Williams <jwkckid1@ix.netcom.com>
- Date: Tue, 11 Feb 2003 18:05:55 -0800
- CC: Steve Crocker <steve@stevecrocker.com>, St.Amour@ISOC.ORG, Ted Hardie <Ted.Hardie@nominum.com>, leslie@thinkingcat.com, sales@telehouse.com, mouhamet@next.sn, swaters@amicus.com, starwalker@gay.com, shore@quasar.net, nvictory@ntia.doc.gov, General Assembly of the DNSO <ga@dnso.org>
- Organization: INEGroup Spokesman
- References: <03da01c2d1ed$d5776060$8500a8c0@repligate>
- Sender: owner-ga@dnso.org
Jim and all,
Excellent brief description here Jim. Well done! What is really significant
here that this is one step closer to Multi-Root structure, but is eliminating
the flexibility of Multi-Cast which is uniquely advantageous for such
structures, and far preferable to Any-Cast. It should also be noted
that non-bind resolution will or has the ability to circumvent what
Paul is doing here. Of course he already knows that. >;)
Jim Fleming wrote:
> Is this the result of the ICANN stability and security work ?
>
> Has anyone looked at the difference in the way DNS works with UDP and TCP ?
>
> Is this using the IPv16 architecture with an "out-of-band" communication transport synching the servers behind the scenes ?
>
> http://biz.yahoo.com/bw/030210/102340_1.html
> TELEHOUSE America & Internet Software Consortium Develop DNS F-root Server in New York & Los Angeles
> Monday February 10, 10:30 am ET Deal Enables ISC to Mirror DNS Root Server in Additional U.S. Locations
>
> > http://www.icannwatch.org/article.pl?sid=03/02/10/2335210&mode=thread
> > F Root Server to Be Mirrored
> > This can only be good, can't it?
> > ==========
> >
> > http://isp-planet.com/technology/2002/dns_server.html
> > "BIND has been rated the number one security risk on the Internet by The SANS Institute."
> > ====
> >
> http://www.merit.edu/mail.archives/nanog/msg07385.html
> From: Joe Abley
>
> Each F-root node is carefully designed so that most failures which could stop a nameserver answering queries are reflected in the
> network, both within the F-root node, and within the F-root's service area. If a nameserver within a node is not available, the node
> will not send it queries; if all nameservers within a node are not available, the node will stop advertising 192.5.5.0/24 to its
> local community of peers, who will stop sending queries to the node.
>
> The potential for global instability in (and corresponding dampening of) 192.5.5.0/24 due to some oscillatory error condition in a
> particular node is limited by the fact that each non-Palo Alto node advertises 192.5.5.0/24 to peers only, and precautions are taken
> to limit the propagation of that prefix through peer networks. Only the Palo Alto node advertises 192.5.5.0/24 for global transit.
>
> If a local F-root node withdraws service, resolvers within its catchment area will see the BGP path to the global F-root node in
> Palo Alto exposed and selected. The change in relative RTTs will then cause resolvers (BIND-like resolvers, anyway) to reorder their
> ranking of how close the 13 root servers are, and referrals to the root from the catchment of the dead node will tend towards the
> new closest server, which may or may not be F.
>
> Hence, a failure of a restricted-anycast node restores the usual availability of root servers -- it effectively just removes the
> local optimisation that the anycast node was providing.
>
> Joe
> ===================================
Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 129k members/stakeholders strong!)
================================================================
CEO/DIR. Internet Network Eng. SR. Eng. Network data security
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 214-244-4827 or 214-244-3801
--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|