[7616] in North American Network Operators' Group
Re: New Root Name Servers
daemon@ATHENA.MIT.EDU (Karl Denninger)
Tue Feb 18 14:09:48 1997
From: Karl Denninger <karl@Mcs.Net>
To: newdom@vrx.net
Date: Tue, 18 Feb 1997 13:05:50 -0600 (CST)
Cc: nanog@merit.edu
In-Reply-To: <199702181828.KAA22368@wisdom.home.vix.com> from "Paul A Vixie" at Feb 18, 97 10:28:14 am
> Again, I have redirected followups to newdom@vrx.net since this is not a
> NANOG issue.
>
> > >Also, is it possible that the recent problems NANOG
> > >people have been discussing regarding Root Name Servers
> > >is really the result of these transitions to TRUE Root
> > >Name Servers ?
> >
> > If whatever you are doing, however you are implimenting it
> > for whatever reasons, caused corrupted data in h.root-servers.net
> > and the subsequent failures, then you are a menace to the network
> > and should cease and desist activities. You have clearly stated
> > that your servers don't carry the .com domain directly; if you do
> > something which crashes the servers that do carry .com you will
> > likely find yourself sucking air over your ether pipes.
> >
> > You could, of course, merely be confused about what happened a
> > few days ago. I would hope this is the case.
>
> Older BIND servers do in fact become confused in the presence of multiple
> (disparite) authority declarations for the same domain ("." for example).
> Anyone who has a primary/secondary relationship (direct or indirect) with
> a server who subscribes to private "." data is likely to become confused
> in a way that only occasional nameserver restarts will repair.
Balderdash. If that were true, we'd have to restart occasionally to clear
this, and we don't.
> BIND 8.1 is more immune to this than BIND 4.9.5 was, but in fact there is
> no "final and complete" solution to this problem other than DNS Security.
>
> I do not think the problems with H recently had to do with AlterNIC, though.
Ie: "I intend to break alternative, private root arrangements, by including
code which prevents people from doing this".
Good luck Paul.
--
--
Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity
http://www.mcs.net/~karl | T1's from $600 monthly to FULL DS-3 Service
| 99 Analog numbers, 77 ISDN, Web servers $75/mo
Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/
Fax: [+1 312 803-4929] | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
