[149776] in North American Network Operators' Group


Re: Anonymous planning a root-servers party

daemon@ATHENA.MIT.EDU (Masataka Ohta)
Wed Feb 15 19:15:01 2012

Date: Thu, 16 Feb 2012 09:13:34 +0900
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
To: nanog@nanog.org
In-Reply-To: <20120215231357.1A77B1D65435@drugs.dv.isc.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Mark Andrews wrote:

> Or just slave the root zone.  1 million root servers is more robust
> than the hundred or so we have today

Good, I was serious in saying "not thousands but millions of"
servers when I proposed anycast root servers.

> and given the root is signed
> you can verify the answers returned.

With anycast, you can reach only a single server among servers
sharing an address even if you find some server compromised,
though you can try others with different addresses.

But, as most attacks will be DoS, DNSSEC-capable servers are
weaker.

						Masataka Ohta

