On Fri, Apr 04, 2008 at 07:37:31AM -0700, David Conrad wrote:
> >> leakage to the root servers is enormous.
> > This sounds to me like a cure that is quite possibly worse than the
> > disease.
>
> In what way?

It rather depends on how much the root zone changes. The targets of "run your own root copy" are the people who don't know how to capture and appropriately isolate (or don't care to do it) their bogus traffic. The proposed solution is to tell them to get a copy of the root zone and run that. What makes us think that they'll keep that copy up to date, do sensible things with it, &c?

I am familiar with one largeish zone that had its infrastructure on the wrong end of an expensive link between it and the largest ISP in the country. Their answer to this was to transfer the zone to the ISP. Unfortunately, nobody at the ISP was monitoring the log files, and someone failed to keep the TSIG keys in sync, so their copy of the zone gradually came to be wrong. Since none of this copying-of-zone-around was documented anywhere, it took some time to debug the problem, during which time large sections of that domain were unavailable to a substantial population in the country in question.

I can just imagine the hue and cry that would happen when new top level domains "don't work for everybody".

A

-- 
Andrew Sullivan
[EMAIL PROTECTED]
+1 503 667 4564 x104
http://www.commandprompt.com/
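
Added example, not part of the original message: one way to catch the failure described above, where a transferred copy of a zone silently falls behind its source. It compares SOA serials with RFC 1982 arithmetic and measures the time since the copy was last confirmed in sync against the SOA refresh and expire timers; the `ZoneCopy` fields, the status names, the two-refresh-interval threshold and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

MOD = 1 << 32    # SOA serials are 32-bit and wrap around
HALF = 1 << 31


def serial_behind(local: int, primary: int) -> bool:
    """RFC 1982 comparison: True if `local` is older than `primary`,
    including across the 2**32 wrap."""
    diff = (primary - local) % MOD
    return 0 < diff < HALF


@dataclass
class ZoneCopy:              # hypothetical record kept by a monitoring job
    serial: int              # SOA serial of the locally held copy
    refresh: int             # SOA refresh interval, seconds
    expire: int              # SOA expire interval, seconds
    last_sync_ok: int        # epoch seconds the copy was last confirmed in sync


def check_copy(copy: ZoneCopy, primary_serial: int, now: int) -> str:
    """Classify a transferred zone copy as OK, LAGGING, STALE or EXPIRED."""
    age = now - copy.last_sync_ok
    if age >= copy.expire:
        return "EXPIRED"     # past SOA expire: the copy should not be served
    if serial_behind(copy.serial, primary_serial):
        # Assumed threshold: still behind after two refresh intervals means
        # transfers are failing (e.g. mismatched TSIG keys), not just pending.
        return "STALE" if age > 2 * copy.refresh else "LAGGING"
    return "OK"


if __name__ == "__main__":
    # Constructed sample values, not taken from any real zone.
    t0 = 1_000_000
    copy = ZoneCopy(serial=2008040400, refresh=1800, expire=604800,
                    last_sync_ok=t0)
    for label, delta in (("10 min", 600), ("1 day", 86400), ("7 days", 604800)):
        print(label, check_copy(copy, primary_serial=2008040401, now=t0 + delta))
```

Alerting on STALE gives an operator the whole window between the first missed refresh and SOA expire to notice a broken transfer before resolvers see wrong or missing data.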