Anonymous planning a root-servers party

Masataka Ohta mohta at necom830.hpcl.titech.ac.jp
Wed Feb 15 18:13:34 CST 2012


Mark Andrews wrote:

> Or just slave the root zone.  1 million root servers is more robust
> than the hundred or so we have today

Good, I was serious to have said "not thousands but millions of"
servers when I proposed anycast root servers.

> and given the root is signed
> you can verify the answers returned.

With anycast, you can reach only a single server among servers
sharing an address even if you find some server compromised,
though you can try others with different addresses.

But, as most attacks will be DOS, DNSSEC capable servers are
weaker.

						Masataka Ohta



More information about the NANOG mailing list