RFC 2870's applicability (Re: Deaggregating for emergency purposes)
Brad Knowles
brad.knowles at skynet.be
Wed Aug 7 21:08:26 UTC 2002
At 4:19 AM +0000 2002/08/07, Paul Vixie wrote:
> RFC 2870 had a lot of cooks, and the end result is somewhat descriptive
> of TLD servers but is anywhere from mildly to wildly wrong with respect
> to the root servers.
I have since learned that there is an update to 2010 in the
works, which should be more acceptable to the root server operators.
As such, I will stop comparing the current state of the servers
against 2870.
> There's no way to change this, really, and one of the ways to not change
> it would be to write an RFC. USGov has its own way of doing things. I
> don't expect anybody to tell them they have to give up their root servers
> as a result. (Except maybe Karl or Jim, I guess.)
They're welcome to run their own servers however they like.
However, if they want to arbitrarily cut off their networks from
"subversive" networks around the world, then I feel that they should
voluntarily give up their root nameservers because they are unable to
adhere to the spirit of the standards by which they are supposed to
be operating (whatever RFC or document you use as that standard).
> 124 ip 210.220.163.80/0 0.0.0.0/0 209 12466
>0 0 126
> 313 ip 216.127.34.163/0 0.0.0.0/0 321 18939
>0 0 120
> 64 ip 210.220.163.78/0 0.0.0.0/0 157 9385
>0 0 88
> 499 ip 209.67.50.88/0 0.0.0.0/0 141 8987
>0 0 84
> 1011 ip 144.137.113.189/0 0.0.0.0/0 119 6854
>0 0 84
> 203 ip 216.175.216.50/0 0.0.0.0/0 139 8865
>2 129 81
> 916 ip 209.150.65.1/0 0.0.0.0/0 160 9344
>2 120 80
> 408 ip 218.44.147.218/0 0.0.0.0/0 130 7800
>0 0 67
> 188 ip 65.192.24.190/0 0.0.0.0/0 121 8712
>0 0 64
Nope, none of those are mine. I was primarily talking about the
other machines on the same network, and the other services that I
strongly suspect that some of the machines are running. Nmap scans
would have a good chance of turning up some results.
> Evi gave a *wonderful* talk at NANOG a year or so back in which
> she explored the many bad flows seen on F. Anyone who runs
> benchmarks against root servers would be a "bad flow". So it's
> no wonder that your testing isn't complete :-).
Yeah, I think I read that paper. I understand, and now I fully
agree. The problem is that there are a dearth of good tools (like
queryperf) to help measure the jitter of the RTTs of low-rate DNS
queries.
> Allow me to present information to the contrary. I co-authored RFC
> 2010, but I had no part in RFC 2870 and in fact had not even read
> it until well after it was published. I consider it inadequate and
> inaccurate for root service, while nonetheless acknowledging its
> applicability toward some ccTLD servers.
I disagree. Certainly, Daniel Karrenberg has publicly disagreed
with this use of RFC 2870. Check the archives of the RIPE DNS
Working Group.
> Clearly, you're way ahead of yourself.
I was comparing the current state of affairs against the wrong
document. I await the publication of the right document.
--
Brad Knowles, <brad.knowles at skynet.be>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.
GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E W+++(--) N+ !w---
O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
More information about the NANOG
mailing list