On Fri, Feb 17, 2012 at 02:41:57PM +0100, Damien Fleuriot wrote:
> Hello list, Jeremy, Doug,
>
>
> We're currently having a discussion on the FRnOG mailing list regarding
> the laughable announcement of an attack on the DNS root servers by
> Anonymous.
>
> I've kinda hijacked the thread to ask whether people slave the root zone
> or not, and why if not.
>
>
> Active poster, renowned blogger and AFNIC worker Stephane Bortzmeyer
> pointed out that it might not be a good idea and submitted the following
> discussion from 2007 as reference:
> http://lists.freebsd.org/pipermail/freebsd-current/2007-August/075895.html
>
>
> Do you still believe slaving the root zone to be a bad idea ?

The important thread (IMO) is actually here:

https://lists.dns-oarc.net/pipermail/dns-operations/2007-July/thread.html#1804

These are the people you should be asking this question to given the
"announcement". Folks like Paul Vixie and David Conrad.

Also, just a tip: given that at an old job I dealt with DoS and DDoS
attacks on our infrastructure on a near-daily basis (advice to public:
never run a public IRC server on a major network), I wouldn't be so
quick to dismiss the claim as "laughable". Folks can bring up the
distribution of all the root servers, anycast, etc. all they want, but
nobody truly knows how "distributed" the DDoS will be. Sit back and
think about that one for a little while, let it stew in your mind.

Rest assured, if what is being proposed turns out to be accomplished,
you will be quite surprised at how many large Fortune 500 companies and
financial organisations are impacted by it. I can't go into details,
but I can assure you with utmost certainty that many of them rely on
Internet transit for very important transactions -- most of which use
DNS-based lookups for all sorts of things. Given the state of IT in
general these days, chances are very few companies have thought ahead in
this case.

Though DNS may not simply break 100% (duh), failed lookups and
"oddities" occurring all over the place would be likely. If you've ever
worked at a large corporation, you'll know how easy it is for people to
incorrectly assess reasons for outages -- it wouldn't surprise me if it
took said companies 24-48 hours to figure out what was truly the root
cause.

TL;DR -- don't be hasty when it comes to threats on the Internet on such
a large scale. It's amazing the infrastructure we have today works at
all anyway.

--
| Jeremy Chadwick                               jdc at parodius.com |
| Parodius Networking                     http://www.parodius.com/ |
| UNIX Systems Administrator                 Mountain View, CA, US |
| Making life hard for others since 1977.             PGP 4BD6C0CB |