ICANN/GNSO
DNSO and GNSO Mailing lists archives

[ga]



[ga] Re: F Root Server to Be Mirrored


Jim and all,

  Excellent brief description here Jim.  Well done!  What is really significant
here is that this is one step closer to Multi-Root structure, but is eliminating
the flexibility of Multi-Cast which is uniquely advantageous for such
structures, and far preferable to Any-Cast.  It should also be noted
that non-BIND resolution will or has the ability to circumvent what
Paul is doing here.  Of course he already knows that.  >;)

Jim Fleming wrote:

> Is this the result of the ICANN stability and security work ?
>
> Has anyone looked at the difference in the way DNS works with UDP and TCP ?
>
> Is this using the IPv16 architecture with an "out-of-band" communication transport synching the servers behind the scenes ?
>
> http://biz.yahoo.com/bw/030210/102340_1.html
> TELEHOUSE America & Internet Software Consortium Develop DNS F-root Server in New York & Los Angeles
> Monday February 10, 10:30 am ET Deal Enables ISC to Mirror DNS Root Server in Additional U.S. Locations
>
> > http://www.icannwatch.org/article.pl?sid=03/02/10/2335210&mode=thread
> > F Root Server to Be Mirrored
> > This can only be good, can't it?
> > ==========
> >
> > http://isp-planet.com/technology/2002/dns_server.html
> > "BIND has been rated the number one security risk on the Internet by The SANS Institute."
> > ====
> >
> http://www.merit.edu/mail.archives/nanog/msg07385.html
> From: Joe Abley
>
> Each F-root node is carefully designed so that most failures which could stop a nameserver answering queries are reflected in the
> network, both within the F-root node, and within the F-root's service area. If a nameserver within a node is not available, the node
> will not send it queries; if all nameservers within a node are not available, the node will stop advertising 192.5.5.0/24 to its
> local community of peers, who will stop sending queries to the node.
>
> The potential for global instability in (and corresponding dampening of) 192.5.5.0/24 due to some oscillatory error condition in a
> particular node is limited by the fact that each non-Palo Alto node advertises 192.5.5.0/24 to peers only, and precautions are taken
> to limit the propagation of that prefix through peer networks. Only the Palo Alto node advertises 192.5.5.0/24 for global transit.
>
> If a local F-root node withdraws service, resolvers within its catchment area will see the BGP path to the global F-root node in
> Palo Alto exposed and selected. The change in relative RTTs will then cause resolvers (BIND-like resolvers, anyway) to reorder their
> ranking of how close the 13 root servers are, and referrals to the root from the catchment of the dead node will tend towards the
> new closest server, which may or may not be F.
>
> Hence, a failure of a restricted-anycast node restores the usual availability of root servers -- it effectively just removes the
> local optimisation that the anycast node was providing.
>
> Joe
> ===================================

Regards,
--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 129k members/stakeholders strong!)
================================================================
CEO/DIR. Internet Network Eng. SR. Eng. Network data security
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 214-244-4827 or 214-244-3801
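
The failover behaviour described in Joe Abley's quoted post, modelled as an added Python example that is not part of the original message or of ISC's code. Node names, RTT values and the rule that a peer-learned route is preferred over the global transit route are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    """One F-root node announcing 192.5.5.0/24 (the prefix named in the post)."""
    name: str
    scope: str                      # "peers" (local node) or "global" (Palo Alto)
    nameservers: dict = field(default_factory=dict)  # server name -> healthy?

    def live_servers(self):
        # A node stops sending queries to a nameserver that is unavailable.
        return [s for s, ok in self.nameservers.items() if ok]

    def advertises(self):
        # With no nameserver left, the node withdraws the prefix.
        return bool(self.live_servers())

def f_root_path(resolver_peers, nodes):
    """Return the node a resolver's network routes F-root queries to, or None."""
    local = [n for n in nodes if n.scope == "peers"
             and n.name in resolver_peers and n.advertises()]
    if local:
        return local[0]            # assumption: peer route beats transit route
    return next((n for n in nodes if n.scope == "global" and n.advertises()), None)

def rank_roots(rtt_ms_to_f_node, other_roots_rtt_ms, path):
    """Order root servers by RTT, as a BIND-like resolver tends to."""
    rtts = dict(other_roots_rtt_ms)
    if path is not None:
        rtts["F"] = rtt_ms_to_f_node[path.name]
    return sorted(rtts, key=rtts.get)

def demo():
    # Constructed topology and RTTs (milliseconds), for illustration only.
    nyc = Node("new-york", "peers", {"ns1": True, "ns2": True})
    pao = Node("palo-alto", "global", {"ns1": True})
    nodes = [nyc, pao]
    rtt_f = {"new-york": 4, "palo-alto": 78}
    others = {"A": 12, "J": 15, "K": 90}
    before = rank_roots(rtt_f, others, f_root_path({"new-york"}, nodes))
    nyc.nameservers["ns1"] = False          # partial failure: node still serves
    partial = f_root_path({"new-york"}, nodes).name
    nyc.nameservers["ns2"] = False          # total failure: prefix withdrawn
    after = rank_roots(rtt_f, others, f_root_path({"new-york"}, nodes))
    return before, partial, after

if __name__ == "__main__":
    print(demo())
```

With these constructed RTTs, F drops from first to third place once the local node withdraws, which is the "may or may not be F" outcome in the post: the resolver loses only the local optimisation, not root service.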

