> > Mark made the claim that a local copy of the root would stop the
> > traffic, which is false. a local copy of the root simply diffuses
> > the traffic.
> >
> > the down sides to local copies of the root as seen from the
> > peanut gallery:
> >
> > ) coherence of the avowed single namespace. There have been
> > a few threads over the past decade on "bit rot" in the root-hints
> > data. Local copies of the root zone will have the same bit-rot
> > characteristics
> > ) the IANA sanctioning alternate roots/namespaces ... "let a
> > thousand roots bloom..."
> > ) just how is the poor application/end user supposed to know
> > or discriminate some local, walled garden root varient from
> > the one true ICANN root varient?
>
> I said COPY. I did not say "THEIR OWN ROOT". A copy needs to
> be kept up to date or it ceases to be a copy. It becomes a
> snapshot.
>
> zone "." {
> type slave;
> masters { <addresses of root servers>; };
> };
er... a rather narrow, constrained view of the
term "copy". I have copies of some datasets that go back
20 years or more. same data set, at different points in time.
apparently you mean a copy of the database, plus/minus some
temporal value and not augmented/diminished in any material
way.
your example of how to obtain a copy, that meets most of the
criteria - seems to have a couple of assuptions...
) you state < addresses of root servers> ... which
ones?
) can you ensure that the "root-servers" listed actually
wills erve accurate data via xfr?
wrt "copy" vs "their own root"...
you and i started this discussion w/ the following:
On Fri, Apr 04, 2008 at 09:05:25AM +1100, Mark Andrews wrote:
>
> There really is only one solution to preventing "bogus"
> traffic reaching the root servers and that is to run a local
> copy of the root zone.
er, it (the bogus ttraffic) still reaches the root.
just your copy of the root, not mine.
--bill
your statement that people should be encouraged to
run a local copy of the root zone begs the question,
run it where? to which my assumption is ... they
run in on their own server, which, being authoritative
for the root now, becomes their own root server.
Did I err?
and where is the "thou shalt NOT" modify/augment/diminish
the contents of the database in the "local" copy ...
>
> Mark
>
> > but you, no doubt, see a much clearer picture. please convince
> > me that my doubts are groundless... that bit-rot won't happen,
>
> It is possible to check the masters similarly to the way
> we check the roots servers today.
coordinating btwn a dozen orgs is one thing, coordinating
btwn an unbounded number is something else. as an analogy,
how many AS112 instances are there and how can one check
for coherent data ebing served by them?
> > that the avowed single namespace will remain intact,
> It will if you keep the copy up to date.
"copy up to date"... so you acknowledge copies can and will
age/diverge over time. and you assume that augmentation
"frosting" will not be applied to the local copy each time
a fresh copy is aquired... presumably from some well known
set of servers
> > and that
> > there will be trival ways for end users to discover the root of
> > the namespace they are using...
>
> dig NS .
please... get real here.
>
> > if the recommendation to run your own copy of the root is approved.
> Note the zone will expire if you don't keep the masters up
> to date unlike failures to keep the root hints up to date.
rndc reload .... to use a bind specific example of reloading
>
> Mark
>
> > --bill
> > _______________________________________________
> > DNSOP mailing list
> > DNSOP@ietf.org
> > https://www.ietf.org/mailman/listinfo/dnsop
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
