The whole alternate-root ${STATE}horse
Jay R. Ashworth
jra at baylink.com
Sat Jul 9 18:09:42 UTC 2005
On Sat, Jul 09, 2005 at 01:51:46PM -0400, Todd Vierling wrote:
> On Sat, 9 Jul 2005, Jay R. Ashworth wrote:
> > It's not the *root* operators that are the problem -- it's the *TLD*
> > zone operators.
>
> Oh, I can certainly agree with that; we've seen some gross abuses of TLDs
> documented in gory detail right here on the NANOG list.
>
> Of course, that too is orthogonal to who provides the delegations in "." --
> except that perhaps some misguided souls are, as is relatively common,
> confusing the two realms.
Indeed.
> > "infrastructure at risk". Justify this *far-reaching* statement,
> > please. Show your work.
>
> AlterNIC overriding .COM and .NET listings, one of the issues leading to its
> demise. (This was done in addition to the more memorable cache poisoning
> attacks against INTERNIC.NET.)
To the extent that you don't call that a criminal aberration -- one
that could as easily have happened to one of the root servers currently
*taking* the ICANN root zone -- it only affected people who were
resolving off that root. That's a pretty small number, and, IMHO,
doesn't rise to the level of "placing the infrastructure [of the entire
net] at risk".
> The risk is uncertainty of name resolution, as the root zone can in fact
> override N-level records simply by possessing a more specific name. Root
> servers are queried for the full host (but respond with the NS glue
> delegation), not just the first component, which allows for such overriding.
And that possibility is any different in the n-root case than in the
1-root case... why?
> > > Oh wait, your name wouldn't *actually* be Jim Fleming, would it?
> >
> > <chuckle>
>
> Well, at least some folks remember. 8-)
Whoa, yeah. My Linux boxes all run IPv8.
Cheers,
-- jra
--
Jay R. Ashworth jra at baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274
If you can read this... thank a system administrator. Or two. --me