On Jul 9, 2014, at 11:15 AM, Paul Vixie <p...@redbarn.org> wrote:

> Paul Hoffman wrote:
>> On Jul 9, 2014, at 10:45 AM, Paul Vixie <p...@redbarn.org> wrote:
>>
>>> << Criticisms of the current and historical Root Name Server System include
>>> lack of resistance to DDoS attack, noting that even with the current wide
>>> scale anycasting by every Root Name Server Operator, there are still only a
>>> few hundred name servers in the world who can answer authoritatively for
>>> the DNS root zone. We are also concerned that reachability of the Root Name
>>> Server System is required even for purely local communication, since
>>> otherwise local clients have no way to discover local services. In a world
>>> sized distributed system like the Internet, critical services ought to be
>>> extremely well distributed. >>
>>
>> Apologies, but that doesn't answer the question. In the face of lack of
>> resistance to DDoS attacks, why is it better to have more *authoritative*
>> root servers, as compared to validating recursive resolvers that have an
>> up-to-date signed copy of the root? Similarly, for purely local
>> communication, why is it better to have more *authoritative* root servers?
>> The last sentence above makes good sense, but it too is not related to the
>> number of authoritative servers.
>
> my comparison of the recursive vs authoritative approach to scaling root name
> service was given in the attached e-mail. --vix

I'll take that as a "no" to you having answers to the questions about why it is better to have the additional servers be authoritative.

--Paul Hoffman