F.ROOT-SERVERS.NET moved to Beijing?

Christopher Morrow morrowc.lists at gmail.com
Mon Oct 3 17:09:17 UTC 2011


On Mon, Oct 3, 2011 at 12:38 PM, Danny McPherson <danny at tcb.net> wrote:
>  If the operator of a network service
> can't detect issues *when they occur* in the current system in some
> automated manner, whether unintentional or malicious, they won't be
> alerted, they certainly can't "fix" the problem, and the potential
> exposure window can be significant.
>
> Ideally, the trigger for the alert and detection function is more
> mechanized than "notification by services consumer", and the network
> service operators or other network operators aware of the issue have

Does ISC (or any other anycast root/*tld provider) have external
polling methods that can reliably tell when, as was in this case,
local-anycast-instances are made global? (or when the cone of silence
widens?)

Given that in the ISC case the hostname.bind query can tell you at
least the region + instance#, it seems plausible that some system of
systems could track current/changes in the mappings, no? and either
auto-action some 'fix' (SHUT DOWN THE IAD INSTANCE IT'S ROGUE!) or at
least log and notify a hi-priority operations fixer.

Given something like the unique-as work Verisign has been behind you'd
think monitoring route origins and logging 'interesting' changes could
accomplish this as well?

(I suppose I'm not prescribing solutions above, just wondering if
something like these is/could-be done feasibly)

-chris
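
The hostname.bind tracking idea raised in the message above, sketched as an added example (not part of the original post and not any root operator's tooling): it compares two snapshots of which instance each external vantage point reaches and flags a local-only instance answering outside its intended catchment. Instance names, vantage-point names and the policy table are constructed assumptions; live input would come from each vantage point sending a CHAOS TXT query for hostname.bind to the anycast address.

```python
# Added example with constructed data; every name here is hypothetical.
# Operator policy (assumed): which instances are local-only, and which
# vantage points sit inside each local instance's intended catchment.
POLICY = {
    "pek1a.example": {"scope": "local", "catchment": {"vp-beijing"}},
    "iad1a.example": {"scope": "local", "catchment": {"vp-ashburn"}},
    "pao1a.example": {"scope": "global", "catchment": set()},
    "ams1a.example": {"scope": "global", "catchment": set()},
}

# Constructed snapshots: {vantage point: hostname.bind answer it received}.
BASELINE = {
    "vp-beijing": "pek1a.example",
    "vp-ashburn": "iad1a.example",
    "vp-london": "pao1a.example",
    "vp-tokyo": "pao1a.example",
}
# London now lands on the Beijing local node; Tokyo gets no answer at all.
CURRENT = {
    "vp-beijing": "pek1a.example",
    "vp-ashburn": "iad1a.example",
    "vp-london": "pek1a.example",
}


def check(baseline, current, policy=POLICY):
    """Compare two snapshots and return a list of (severity, vantage, reason)."""
    alerts = []
    for vp, inst in sorted(current.items()):
        rule = policy.get(inst)
        if rule is None:
            # An instance the operator never provisioned is answering.
            alerts.append(("HIGH", vp, f"unknown instance {inst}"))
        elif rule["scope"] == "local" and vp not in rule["catchment"]:
            # A local-anycast node has become reachable beyond its scope.
            alerts.append(("HIGH", vp, f"local instance {inst} seen outside catchment"))
        elif baseline.get(vp) not in (None, inst):
            # Ordinary catchment shift between permitted instances: log only.
            alerts.append(("INFO", vp, f"moved {baseline[vp]} -> {inst}"))
    for vp in sorted(set(baseline) - set(current)):
        # A vantage point that used to get answers now gets none.
        alerts.append(("HIGH", vp, "no answer"))
    return alerts


if __name__ == "__main__":
    for severity, vp, reason in check(BASELINE, CURRENT):
        print(severity, vp, reason)
```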



