RFC 2870's applicability (Re: Deaggregating for emergency purposes)

Brad Knowles brad.knowles at skynet.be
Wed Aug 7 21:08:26 UTC 2002


At 4:19 AM +0000 2002/08/07, Paul Vixie wrote:

>  RFC 2870 had a lot of cooks, and the end result is somewhat descriptive
>  of TLD servers but is anywhere from mildly to wildly wrong with respect
>  to the root servers.

	I have since learned that there is an update to 2010 in the 
works, which should be more acceptable to the root server operators. 
As such, I will stop comparing the current state of the servers 
against 2870.

>  There's no way to change this, really, and one of the ways to not change
>  it would be to write an RFC.  USGov has its own way of doing things.  I
>  don't expect anybody to tell them they have to give up their root servers
>  as a result.  (Except maybe Karl or Jim, I guess.)

	They're welcome to run their own servers however they like. 
However, if they want to arbitrarily cut off their networks from 
"subversive" networks around the world, then I feel that they should 
voluntarily give up their root nameservers because they are unable to 
adhere to the spirit of the standards by which they are supposed to 
be operating (whatever RFC or document you use as that standard).

>  124 ip    210.220.163.80/0             0.0.0.0/0      209    12466    0    0 126
>  313 ip    216.127.34.163/0             0.0.0.0/0      321    18939    0    0 120
>   64 ip    210.220.163.78/0             0.0.0.0/0      157     9385    0    0  88
>  499 ip      209.67.50.88/0             0.0.0.0/0      141     8987    0    0  84
>  1011 ip   144.137.113.189/0             0.0.0.0/0      119     6854    0    0  84
>  203 ip    216.175.216.50/0             0.0.0.0/0      139     8865    2  129  81
>  916 ip      209.150.65.1/0             0.0.0.0/0      160     9344    2  120  80
>  408 ip    218.44.147.218/0             0.0.0.0/0      130     7800    0    0  67
>  188 ip     65.192.24.190/0             0.0.0.0/0      121     8712    0    0  64

	Nope, none of those are mine.  I was primarily talking about the 
other machines on the same network, and the other services that I 
strongly suspect that some of the machines are running.  Nmap scans 
would have a good chance of turning up some results.

>  Evi gave a *wonderful* talk at NANOG a year or so back in which
>  she explored the many bad flows seen on F.  Anyone who runs
>  benchmarks against root servers would be a "bad flow".  So it's
>  no wonder that your testing isn't complete :-).

	Yeah, I think I read that paper.  I understand, and now I fully 
agree.  The problem is that there is a dearth of good tools (like 
queryperf) to help measure the jitter of the RTTs of low-rate DNS 
queries.

>  Allow me to present information to the contrary.  I co-authored RFC
>  2010, but I had no part in RFC 2870 and in fact had not even read
>  it until well after it was published.  I consider it inadequate and
>  inaccurate for root service, while nonetheless acknowledging its
>  applicability toward some ccTLD servers.

	I disagree.  Certainly, Daniel Karrenberg has publicly disagreed 
with this use of RFC 2870.  Check the archives of the RIPE DNS 
Working Group.

>  Clearly, you're way ahead of yourself.

	I was comparing the current state of affairs against the wrong 
document.  I await the publication of the right document.

-- 
Brad Knowles, <brad.knowles at skynet.be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
