* Paul Vixie:

> but i still think that massive global "mirroring" of the root zone would be
> a bad idea. opportunities for local errors, local staleness, leaks of local
> policy additions, outrun by a lot the potential unreachability due to ddos.
> check http://www.root-servers.org/ to see how many cities are now served.
> note that in last week's ddos, as in the one in 2002 (which was documented
> at http://c.root-servers.org/october21.txt), no operational outages were
> measured -- only monitoring geeks and root server operators even noticed.

If I were looking for a reason to make resolvers authoritative for the root, I'd favor accidental data leaks over increased reliability. For instance, if you hit the middle mouse button in a web browser window, the data in the X selection might end up at the root servers, which is probably not what you intended. (It's harder to fix this than a name server change because the .COM fallback is pretty widely implemented AFAIK.) On the other hand, if you care about such data leaks, you probably shouldn't be using the Internet, at least from some computers.

_______________________________________________
DNSOP mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dnsop
